Discord disclosed that attackers gained unauthorized access to a third-party customer service system used by the company. As a result, sensitive user information was exposed, including names, Discord usernames, email addresses, IP addresses, partial payment details, and even the content of support messages and attachments.
Compounding the problem is Discord’s delayed and inconsistent response. Some users received notification emails within days; others, including the author of this report, did not receive any alert until October 3, nearly two weeks after the breach. Many users who previously interacted with Discord support report not being contacted at all. This staggered approach has left a large portion of the community vulnerable during the critical early period when exposed data is most likely to be exploited.