Discord, one of the world's most popular messaging platforms, has confirmed a worrying personal data leak following a cyberattack on one of its external support providers. The incident, which occurred on September 20 and was publicly reported in October 2025, exposed sensitive information belonging to around 70,000 users who had interacted with Discord's customer service teams and trust and security departments.

What data was compromised in the Discord attack?

Unlike other security breaches, the attack did not affect Discord's main servers, but instead exploited a vulnerability in a partner company that manages user requests and verifications. The leaked data includes:

  • Real names and Discord usernames
  • Emails and IP addresses
  • The last four digits of cards used for purchases and partial billing information
  • History of purchases made on the platform
  • Messages and attachments sent to the support and trust and security teams
  • Images of official documents (ID, passports or driver's licenses) used for age verification
  • Internal material and presentations used for internal training

Discord has emphasized that passwords, complete card information and access data were not compromised. Only users who went through support procedures or age checks have been affected, and all users involved will receive an email notification from official company accounts.

Impact and Risks: Phishing, Impersonation and Fraud

The theft of identity documents and personal data represents a high risk for affected users: it enables more credible phishing campaigns, fraud and impersonation attempts, and the sale of stolen data on illegal forums. Cybersecurity experts warn that news of the leak can itself be used to launch new malicious campaigns.

Discord is collaborating with authorities and has revoked the compromised provider's access, while stepping up monitoring of all of its external services.

What to do if you've been affected by the Discord leak?

  • Check that emails come from official Discord addresses and be wary of strange notifications.
  • Change your passwords immediately if you reuse them on other services, and activate two-step authentication.
  • Watch for targeted phishing attempts, especially emails that use your leaked information.
  • Check the official Discord blog regularly for updates and follow its security recommendations.

Do you want to know if your company or digital community is truly protected?

🛡️ At Apolo Cybersecurity we offer audits and training to detect vulnerabilities in all links of your digital ecosystem.
