A Discord vendor hack has exposed user IDs, support chat logs, and limited billing information. The company confirmed that a third-party customer support partner was compromised, allowing attackers to access sensitive data. Discord stated that no passwords or complete account information were affected.
What Information Was Exposed
The breach impacted users who interacted with Discord’s Customer Support or Trust & Safety teams.
Exposed data included:
- Usernames, user IDs, and email addresses
- IP addresses linked to support tickets
- Support chat transcripts between users and Discord agents
- Partial billing data such as payment type and last four digits
- A small number of government ID images submitted for verification
Discord clarified that attackers did not access passwords, direct messages, or any other account activity outside the support platform.
How the Breach Happened
The Discord vendor hack occurred when threat actors infiltrated one of the company’s external support systems. The vendor used a separate ticketing platform that attackers exploited to gain entry.
Once the breach was detected, Discord immediately revoked the vendor’s access, alerted law enforcement, and began an internal investigation.
According to reports, the Scattered Lapsus$ Hunters (SLH) group claimed responsibility for the incident. They allegedly breached a Zendesk instance used to manage support tickets.
Discord has since contacted all affected users and informed data protection authorities. The company is also reviewing its vendor security controls to prevent future incidents.
Risks and Potential Impact
Even though passwords and messages were safe, the stolen data still poses risks.
Attackers could use email addresses, user IDs, and chat content for phishing and social engineering. ID images are particularly valuable for identity theft attempts.
Security experts warn that leaked support transcripts can reveal internal processes or personal user data — both useful to hackers.
How Users Can Stay Safe
- Check your email: Discord is contacting affected users directly.
- Enable 2FA: Use two-factor authentication to secure your account.
- Be alert for phishing: Avoid clicking links that claim to verify or restore your account.
- Limit data in support chats: Share only essential information when contacting support.
- Monitor accounts: Keep an eye on your connected payment methods and email accounts.
Conclusion
The Discord vendor hack highlights the growing risk of third-party vulnerabilities. Even when core systems remain secure, external providers can become weak points for data exposure.
Discord’s swift response limited the damage, but the incident serves as a reminder that user privacy depends not only on platform security — but also on the partners they trust.
0 responses to “Discord vendor hack exposed user IDs and support chats”