Discord Data Breach Exposes 70,000 Users’ Data, Hackers Demand Ransom

URGENT UPDATE: Discord has confirmed a significant data breach affecting approximately 70,000 users due to unauthorized access of their third-party customer support provider, 5CA. The breach was identified on September 20, 2025, and the platform disclosed the incident just days ago on October 3.

This breach has potentially exposed sensitive user information, including names, email addresses, limited billing details, and even government ID images. As the cybersecurity landscape grows increasingly perilous, major platforms like Discord are facing serious questions about their data security measures.

Discord, which boasts over 200 million monthly users, confirmed that hackers gained access to 5CA, allowing them to view information from users who interacted with Discord’s Customer Support or Trust & Safety teams. Reports indicate that the attackers attempted to leverage this access to demand a ransom from Discord, highlighting a disturbing trend of cybercriminals targeting third-party service providers.

“We want to address inaccurate claims by those responsible that are circulating online,” a Discord representative stated. “This was not a breach of Discord, but rather a third-party service we use to support our customer service efforts.”

The compromised data includes Discord usernames, real names, emails, payment types, last four digits of credit cards, IP addresses, and messages exchanged with customer service agents. Notably, government ID images used for age verification were also compromised for some users.

Discord’s response has been swift. The company has terminated the relationship with 5CA, launched an internal investigation with a digital forensics team, and is actively informing affected users. They have assured users that critical data, such as full credit card numbers, CVV codes, passwords, and activity outside of customer support interactions, remain secure.

As for what’s next, Discord is working closely with law enforcement and relevant data protection authorities to mitigate the impact of this breach. They are also conducting an audit of all third-party vendors to ensure compliance with enhanced security standards.

In light of this alarming breach, users are encouraged to take immediate action to protect their accounts. Here are six critical steps users can follow:

1. Enable Two-Factor Authentication: Adding this layer of security makes unauthorized access significantly more challenging.
2. Review Personal Data: Consider using a data removal service to minimize your online footprint.
3. Use Strong Passwords: Implement unique passwords across all accounts; a password manager can aid in this effort.
4. Monitor Accounts: Regularly check for suspicious activity and consider identity theft protection services.
5. Exercise Caution with Communications: Be wary of phishing attempts and verify the sender’s identity.
6. Keep Software Updated: Ensure all devices and software are current to avoid exploitation of vulnerabilities.

This incident underscores a critical issue in cybersecurity: third-party providers often represent the weakest link in a company’s data protection strategy. As more companies, including tech giants and luxury brands, admit to breaches, the urgency for robust security measures has never been clearer.

For ongoing updates and assistance on how to safeguard your personal information, stay tuned to our coverage. As the situation develops, it is essential to remain vigilant and proactive in protecting your data.