Discord breach exposes user data through third-party provider hack


In 2025, it appears that cybercriminals are winning and the world's largest data hoarders are losing. One by one, the world's giants are admitting that they have been hacked, from tech giants like Google to insurance leaders such as Allianz and Farmers, and even luxury brands such as Dior. The latest company to report a hack is Discord. The popular chat platform has confirmed that hackers gained access to 5CA, its third-party customer support provider, exposing user data including names, email addresses, limited payment information, and even images of government IDs.



Hackers have attacked Discord's support team, exposing sensitive user data around the world. (Phil Barker/Future Publishing via Getty Images)

How the leak occurred and what data was exposed

The company confirmed that the hack, which occurred on September 20, did not involve a direct attack on Discord servers. Instead, attackers gained unauthorized access to 5CA, one of Discord's third-party service providers. This allowed them to view information from users who had contacted Discord's customer service or trust and safety groups.

Discord is a chat app primarily used by gamers, but it has expanded to other communities, allowing text messages, voice chats, and video calls. Some even use it as a replacement for Slack. The platform currently has a monthly user base of over 200 million. The exposed data included Discord usernames, real names, email addresses, limited payment details such as payment type and last four digits of credit cards, IP addresses, and messages exchanged with customer service agents. In some cases, images of government IDs provided for age verification were also compromised. Discord estimates that around 70,000 users around the world may have had government ID photos exposed.

Reports say that attackers tried to use this access to demand a ransom from Discord. Bleeping Computer reported that the threat group Scattered Lapsus$ Hunters (SLH) claimed responsibility for the attack earlier this month. This is the same group that claims to have access to over a billion Salesforce records and is demanding ransom for them.



Around 70,000 users have had their ID images stolen in the latest third-party data breach. (Tiffany Hagler-Gard/Bloomberg via Getty Images)

What Discord is doing now and what users should do next

Discord reported the incident 13 days later, on October 3. It has since cut off access to the third-party support provider, launched an internal investigation with the help of a digital forensics team, and begun informing affected users. It also clarified that any notification about the breach will come only from [email protected] and that it will never contact users by phone regarding this incident. The company added that some data remained secure: full credit card numbers, CCV codes, account passwords and activity outside of customer service conversations were not exposed.

Discord also said it has notified the appropriate data protection authorities about the breach, is working closely with law enforcement, and is reviewing its third-party providers to ensure they meet enhanced security and privacy standards in the future.

A Discord spokesperson issued a statement saying, in part: “We want to address the inaccurate claims made by those responsible that are circulating online. First, as stated in our blog post, this was not a violation of Discord, but rather a third-party service that we use to support our customer service efforts. Secondly, the reported numbers are incorrect and are part of an attempt to extort payment from Discord. Of the affected accounts worldwide, we have identified approximately 70,000 users who may have posted government ID photos that our provider used to process age-related appeals. Third, we will not reward those responsible for their illegal actions. All affected users worldwide have been contacted and we continue to work closely with law enforcement, data protection authorities and external security experts. We have secured the affected systems and stopped working with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concerns this may cause.”


Discord is cutting ties with vendor 5CA and stepping up security investigations. (Kurt “CyberGuy” Knutsson)

6 Steps You Can Take to Stay Safe After a Discord Hack

If you think your information may have been compromised in a Discord data breach, below are some steps you can take to stay safe.

1) Enable two-factor authentication.

Two-factor authentication (2FA) adds an additional verification step when you log in, making it much more difficult for attackers to access your account, even if they have your password. Discord supports 2FA via authentication apps or SMS. Once enabled, you will receive a code every time you log in from a new device. This simple step will help prevent account takeovers and give you peace of mind.

2) Consider using a personal data removal service.

The less information available about you, the harder it is for attackers to target you. Review what personal data you've shared online and remove unnecessary data from websites and apps. A personal data removal service can help remove your information from data broker sites, making it difficult for attackers to connect the dots and launch identity theft or phishing attacks.

While no service promises to remove all of your data from the Internet, a removal service is useful if you want to monitor and automate the process of removing your information from hundreds of sites continuously over a long period of time.

Check out my top data removal services and get a free scan to see if your personal information has already been published online by visiting Cyberguy.com.


3) Use strong and unique passwords for all accounts.

Reusing passwords across platforms makes it easier for attackers to gain access to multiple accounts if one password is compromised. A password manager can generate long and complex passwords and store them securely so you don't have to remember them all. This protects not only your Discord account, but also your email, banking and other online services.

Next, check to see if your email has been compromised in past hacks. Our #1 password manager pick (see Cyberguy.com) includes a built-in breach scanner that checks to see if your email address or passwords have been involved in known breaches. If you find a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best password managers of 2025, reviewed by experts, at Cyberguy.com

4) Monitor accounts for suspicious activity.

Even if you don't see immediate signs of compromise, attackers may try to use the stolen data later. Regularly check your email and Discord login history for unusual logins. Identity theft protection services can scan the dark web for your credentials and immediately alert you if they appear, helping you respond quickly before serious damage occurs.

Identity theft protection companies can track personal information such as your Social Security Number (SSN), phone number, and email address and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

Check out my tips and best practices on how to protect yourself from identity theft at Cyberguy.com.

5) Be careful with emails, messages or links and use strong antivirus software.

Phishing attacks often intensify following breaches. Attackers may send messages that appear to be legitimate notices, asking you to reset your password or provide personal information. Always verify the sender, avoid clicking on unknown links, and never share sensitive information. Treat every unexpected message as suspicious, even if it appears to come from Discord or another trusted service.

The best way to protect yourself from malicious links that install malware and potentially access your personal information is to install powerful antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.

Get my picks for 2025's top antivirus protection winners for your Windows, Mac, Android, and iOS devices at Cyberguy.com.

6) Keep devices and software up to date.

Attackers often exploit outdated software and known vulnerabilities. Make sure your operating system, applications, and antivirus software are up to date.


Kurt's Key Takeaway

If recent breaches are any indication, the third-party services that companies rely on are often the weakest link in cybersecurity. Discord's steps to contain the situation are necessary, but they highlight a larger problem. Many companies do not implement sufficient security measures to protect sensitive user data. Weak oversight of third-party providers, delayed responses, and inadequate security policies leave personal information exposed and vulnerable to attackers.

Should companies bear more responsibility for breaches at their third-party suppliers? Let us know by writing to us at Cyberguy.com


Copyright CyberGuy.com 2025. All rights reserved.
