{“lastseen”:”2025-10-07T10:08:25″,”description”:”Popular social platform Discord has suffered a data breach\u2014though technically, it wasn\u2019t Discord itself that was hacked. A third-party customer support provider was compromised, allowing attackers to access Discord\u2019s user data. Either way, it\u2019s Discord users who feel the impact.\\n\\nThe breach, which happened on September 20, didn\u2019t involve a direct attack on Discord\u2019s servers. Instead, attackers gained access through a customer support partner. Criminals claimed they breached Zendesk, the help desk service Discord uses for customer support, according to reports.\\n\\nAttackers stole data including real names, Discord usernames, email addresses, and other contact details provided to customer support. The breach appears to have been financially motivated and included a ransom demand.\\n\\nIn some cases, \u201climited billing information\u201d was also taken\u2014including payment type, the last four digits of credit card numbers, and purchase histories. Customer IP addresses and messages with support agents were also exposed.\\n\\nMore concerning is that some users had especially sensitive information stolen. Discord said in its advisory:\\n\\n\\u003e \u201cThe unauthorized party also gained access to a small number of government-ID images (e.g., driver\u2019s license, passport) from users who had appealed an age determination. If your ID may have been accessed, that will be specified in the email you receive.\u201d\\n\\nAttacks like this show how large the fallout can be when consumer-focused services are hit. \\n\\nDiscord, once known mainly for gaming communities, now hosts more than 200 million monthly active users and is widely used by companies to host customer and community channels.\\n\\nAccording to vendor risk management firm Rescana, the attackers identified themselves as Scattered Lapsu$ Hunters (SLH). BleepingComputer reported this too, but later said SLH changed its story, pointing to another group it knows and interacts with.\\n\\nThe problem with these kinds of groups is that they often share techniques and even members, muddying the waters.\\n\\nRescana described SLH as a coalition\u2014combining tactics from Scattered Spider, Lapsu$, and ShinyHunters: groups known for stealing data from third-party partners like support vendors or software suppliers. The attacks relied on social engineering rather than malware.\\n\\nDiscord disclosed the incident 13 days later, on October 3. It has since revoked its support provider\u2019s access, launched an internal investigation with a forensics firm, and notified affected users.\\n\\nThe company reminded users that any communication about the breach will come only from `noreply@discord.com` and that it will never call users directly.\\n\\n* * *\\n\\n**We don ‘t just report on data privacy\u2014we help you remove your personal information**\\n\\nCybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.”,”published”:”2025-10-07T08:34:47″,”modified”:”2025-10-07T08:34:47″,”type”:”malwarebytes”,”title”:”Discord warns users after data stolen in third-party breach”,”source”:””,”references”:””,”id”:”MALWAREBYTES:2636ADC21D9566A86168F520128D776E”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/10\/discord-warns-users-after-data-stolen-in-third-party-breach”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-10-07T10:08:25″,”description”:”Popular social platform Discord has suffered a data breach\u2014though technically, it wasn\u2019t Discord itself that was hacked. A third-party customer support provider was compromised, allowing…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-20473","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n