Discord Data Breach Affects Thousands of Users

On Sept. 25, 2025, Discord Inc. discovered a data breach that exposed sensitive personal information of users after a third party gained unauthorized access to the company’s customer service platform. The incident began when a vendor’s device was compromised, allowing the unauthorized party to access Discord’s customer service systems between Sept. 20 and Sept. 22.

The breach was detected and contained on Sept. 22, but not before personal data was potentially accessed. The types of information exposed in this breach are significant and include both personally identifiable information (PII) and sensitive account details.

Impacted data may include name, address, phone number, email address, Discord username, date of birth, photo of a driver’s license or other state or government-issued ID if provided, limited payment information (payment type, last four digits of credit card, purchase or refund history), IP addresses, as well as messages and attachments sent to Discord’s Customer Support or Trust & Safety agents.

This breach affected at least 1,425 individuals in Texas and 39 in New Hampshire. The company has notified the Attorney General's offices in Texas, California and New Hampshire. Discord publicly disclosed the incident in a press release on its website.

The severity of this breach is notable due to the breadth of information exposed and the method of attack. The compromise occurred through a third-party vendor, highlighting the risks associated with vendor access and supply chain vulnerabilities.

Discord Inc.'s response

In response to the breach, Discord immediately initiated incident response protocols, revoked the compromised vendor’s access to the customer service platform and brought in a leading digital forensics firm to investigate and remediate the situation. The company notified law enforcement and has continued to assist with their investigation.

Discord is offering affected individuals complimentary access to Experian IdentityWorks for 12 months, which includes credit monitoring, identity restoration support and $1 million in identity theft insurance. Details on how to enroll in this service were provided in the official notice sent to affected users.

Discord also encourages everyone to remain vigilant for suspicious emails or messages, avoid clicking on unexpected links or attachments and to review account statements and credit history for unauthorized activity.

The company recommends that affected users consider placing a fraud alert or credit freeze with the major credit bureaus and provides contact information for Equifax, Experian and TransUnion in their notice. Additional guidance on protecting personal information and steps to take in case of suspected identity theft is also included in the notice to consumers.