Discord has confirmed a significant user data breach. The company explained that the incident was not related to its own servers, but to an attack on contractor 5CA, which provides support services.
According to the company's assessment, approximately 70,000 users worldwide were affected. Scans of documents—passports, IDs, and driver's licenses—were stolen. Hackers also gained access to contact information, including names, nicknames, email addresses, IP addresses, correspondence with technical support, and some payment information—the last four digits of card numbers and purchase history.
Discord clarified that passwords, CVV codes, and personal messages were not stolen. The company is cooperating with the police and intends to notify all affected parties.
However, according to Cyber Security News, the scale of the incident may be much larger. The Lapsus$ Hunters group claimed to have stolen 1.5 terabytes of data—over 2.1 million document scans and information about 5.5 million users. According to their information, the attackers had access to the database for about 58 hours, using the hacked account of one of 5CA's consultants. Experts note that such cases have become more frequent: hackers are increasingly attacking contractors rather than large companies with strong defenses.
