Discord has confirmed that a third-party vendor, 5CA, was breached, leading to the exposure of sensitive user data including government IDs as part of a ransom attempt by cybercriminals. The breach, which occurred on September 20, 2025, involved unauthorized access to the customer support provider’s systems, allowing attackers to access user details like names, emails, limited billing information, and government ID images for age verification. The Scattered Lapsus$ Hunters (SLH) threat group, known for targeting large data sets such as those of Salesforce, claimed responsibility for the breach. Discord has since suspended the vendor, initiated an internal investigation, and begun informing affected users, while emphasizing that full credit card details, CCV codes, and passwords remained secure. The company has also notified relevant data protection authorities and is collaborating with law enforcement and security experts to address the breach and strengthen security protocols with third-party vendors.
Discord, a popular chat platform primarily used by gamers but also adopted by various communities, has over 200 million monthly users. The breach has raised alarm among cybersecurity experts, highlighting the risks associated with relying on third-party services for data handling. While Discord has taken steps to secure the affected systems and cease operations with the compromised vendor, the incident underscores the broader issue of vulnerabilities in third-party data management. Companies increasingly rely on external services, but insufficient oversight and delayed responses to breaches can lead to significant data exposure. Cybersecurity experts warn that such incidents may become more frequent as attackers target vulnerabilities in the supply chain rather than directly attacking major corporations.
The breach also raises questions about the adequacy of regulatory frameworks in holding companies accountable for breaches caused by third-party vendors. Critics argue that current laws may not sufficiently enforce transparency and accountability for such incidents. Discord has acknowledged its responsibility to protect user data and has stated that it will not reward the attackers for their illegal actions. The company has advised users to take proactive measures to protect themselves, including enabling two-factor authentication (2FA), removing unnecessary personal data from online platforms, and using password managers to secure their accounts. Additionally, users are encouraged to monitor their account activity for any suspicious behavior and to use identity theft protection services to safeguard against further exploitation of leaked data.
Discord’s experience with the breach mirrors a growing trend where cybercriminals are increasingly targeting third-party vendors rather than directly attacking major corporations. This shift in tactics highlights the need for organizations to implement stronger security protocols and more rigorous audits of their external service providers. The incident has sparked a broader conversation about data privacy, corporate responsibility, and the role of regulatory bodies in ensuring that companies take adequate measures to protect user information. As such, the breach not only represents a significant cybersecurity event but also serves as a cautionary tale about the potential risks of outsourced data handling and the importance of proactive cybersecurity measures in an increasingly interconnected digital landscape.