Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Discord user data leak after third-party support breach

Data Leak
First reported
Last updated
Happening score
H score 27
2 unique sources, 4 articles

Summary

Hide ▲

A third-party customer service breach exposed partial payment information and personally identifying data for a limited number of Discord users, creating fraud and identity-theft risk. The exposed records involved users who contacted customer support or Trust and Safety. The compromise occurred on September 20 and was disclosed publicly on Friday.

Related Happenings

7-Eleven franchisee-docs and Salesforce data leak

Data Leak
First: 18.05.2026 14:25 Last: 18.05.2026 14:25 Sources 1

About this happening: **7-Eleven** confirmed a **April 8, 2026** intrusion into systems used to store **franchisee documents**, and **ShinyHunters** later claimed the theft of **more than 600,000 Sales...

Latest development: 26.05.2026 10:01

Have I Been Pwned analyzed the leaked 7-Eleven data and estimated that the breach exposed personal information for 185,300 people, including names, dates of birth, unique email addresses, phone numbers, and physical addresses. The exposed archive was tied to ShinyHunters' extortion campaign against 7-Eleven and followed the group's leak-site posting after ransom demands were not met.

Open Happening

Instructure hit by cyberattack

Incident
First: 04.05.2026 01:16 Last: 04.05.2026 01:16 Sources 1

About this happening: **Instructure** disclosed a **cybersecurity incident** that exposed user information and prompted an investigation with outside experts and law enforcement. The event matters beca...

Latest development: 14.05.2026 23:19

The House Committee on Homeland Security and the US Senate Committee on Health, Education, Labor, and Pensions sought briefings from Instructure over the Canvas compromise, pressing the edtech vendor on whether it paid a ransom, what data was affected, how it handled the recent attacks, and whether the incident was linked to a prior Salesforce compromise.

Open Happening

BlackFile victims' Salesforce and SharePoint data leak

Data Leak
First: 24.04.2026 21:26 Last: 24.04.2026 21:26 Sources 1

About this happening: BlackFile's **stolen documents** were published on a **dark web leak site**, exposing employee and business records taken from **Salesforce** and **SharePoint** environments. The...

Open Happening

ManoMano customer data leak from subcontractor

Data Leak
First: 26.02.2026 19:35 Last: 26.02.2026 19:35 Sources 1

About this happening: The **ManoMano** data leak exposed personal data linked to **38 million individuals** after unauthorized access to a **third-party customer service provider**. The exposed records...

Open Happening

Discord hit by network compromise

Incident
First: 04.10.2025 14:16 Last: 04.10.2025 14:16 Sources 1

How related: “An unauthorized party targeted our third-party customer support services to access user data, with a view to extort a financial ransom from Discord,”

About this happening: Discord confirmed a **third-party customer service system compromise** that gave an unauthorized party **limited access** to support infrastructure used by the company. The incide...

Open Happening

Timeline

  1. 04.10.2025 14:16 2 articles · 7mo ago

    Discord user data compromised through third-party support access

    Victim Impact Update

    An unauthorized party gained limited access to a third-party customer service system used by Discord on September 20 and stole partial payment information and personally identifying data for a limited number of users who contacted customer support or Trust and Safety. Exposed data included real names, usernames, email addresses, other contact details, IP addresses, messages, attachments, photos of government-issued identification documents, and partial billing information such as payment type, last four credit card digits, and purchase history.

    Show sources
    Open in new tab
  2. 04.10.2025 14:16 1 articles · 7mo ago

    SLH claims Discord Zendesk breach

    Attribution Update

    Scattered Lapsus$ Hunters (SLH) claimed they breached a Zendesk instance used by Discord for customer support and said that access let them steal Discord user data; an image they posted showed a Kolide access control list for Discord employees with access to the admin console.

    Show sources
    Open in new tab
  3. 03.10.2025 03:00 2 articles · 7mo ago

    Discord publicly discloses the breach and begins response actions

    Initial Disclosure

    Discord publicly disclosed the incident on Friday, said it isolated the support provider from its ticketing system, launched an internal investigation, engaged a leading computer forensics firm, and involved law enforcement. Discord also told affected users that the unauthorized access had affected a limited number of users, and the attackers demanded a ransom in exchange for not leaking the stolen information.

    Show sources
    Open in new tab