– For todayNow you can listen to FOX news headlines!
In 2025, it feels like cybercriminals are winning while the world’s biggest data hoarders are losing. One, global domains agree to be breached, from Tech Powerhouses like Google to insurance leaders like Allianz and farmers and even luxury brands like Dior. The latest company to report breaking the dispute. The popular chat platform confirmed that hackers gained access to a third-party customer support provider, 5ca, exposing user data including names, email addresses, limited payment information and government ID photos.
Sign up for my free cyberGuy newsletter
Get my best tech tips, emergency security alerts and special deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – Free when you join mine CyberGuy.com newsletter.
Big companies, including Google and FIOR, hit by Massive Salesforce Data Break
Hackers hit Discord’s support vendor, exposing sensitive user data worldwide. (Phil Barker / Future Publishing via Getty Images)
How the breach occurred and what data was exposed
The company confirmed that the breach, which occurred on September 20, did not involve a direct attack on Discord’s servers. Instead, the attackers gained unauthorized access to 5ca, one of Discord’s customer service providers. This allowed them to view information from users who had reached out to Discord’s Customer Support or Trust and Security groups.
Discord is a chat application used by gamers, but it has also expanded to various other communities, enabling text messages, voice chats and video calls. Some even use it instead of slack. The platform currently has a monthly user base of over 200 million. Data disclosed by Discord Perser Names, real names, emails, payment information limited to payment type and four digits of credit card numbers, IP addresses and messages exchanged by customer service agents. In some cases, government ID photos provided for age verification were also compromised. Discord estimates that about 70,000 users may have been exposed to government ID photos.
Reports suggest attackers tried to use this access to demand ransom from the administration. An emerging computer reported that the splinter group Lappus$Haunters (SLH) claimed responsibility for the attack earlier this month. This is the same group that claims to have access to over a billion records and is demanding their ransom.
Jeep and Chrysler Prent Stellantis confirms data breach
An estimated 70,000 users had their photo IDs stolen in the latest external data breach. (Tiffany Harfler-Geard/Bloomberg via Getty Images)
What is the difference being made now and what should users do next
Undelay disclosed this incident after 13 days, on October 3. Since then, we have determined the access to the support provider for this period, launched an internal investigation with the digital forensics team and started to inform the affected users. It also clarified that any communication about the breach will only come from noreply@discord.com and that it will not contact users by phone regarding the incident. The company added that other information remains safe: Full numbers of credit cards, CCV codes, account passwords and work without customer support conversations are not disclosed.
Discord also said it has notified the appropriate data protection authorities about the breach, is working closely with law enforcement, and is evaluating its third-party vendors to ensure they meet its advanced security and privacy standards going forward.
The representative issued a statement, saying in part, “We want to deal with the inaccurate claims of those who are responsible for violating our payment. It is for nothing to get our payment from the refund. Government ID photos were exposed, when our seller is used to review age-related complaints. Third, we will not allow those who are responsible for their illegal actions, and we continue to work with the sellers involved in the world.”
Healing reduces the relationship with the 5ca vendor and strengthens its security investigation. (Kurt “cyberguy” Knutsson)
6 steps you can take to stay safe after a discord breach
If you think your information may have been included in the discord database, below are some steps you can take to protect yourself.
1) Enable two-factor authentication
Two Factor Authentication (2FA) It adds an extra authentication step when you sign in, making it more difficult for attackers to access your account even if they have your password. Discord supports 2fa via verified apps or SMS. If enabled, you will receive a code every time you sign in from a new device. This simple step can prevent account activation and give you peace of mind.
2) Consider a personal data removal service
The less information that is available about you, the harder it is for attackers to target you. Review what personal information you share online and remove unnecessary data from websites and apps. A personal data removal service can help scrape your information from Broker sites, making it more difficult for attackers to connect the dots and open up identity theft or identity attacks.
Although no service promises to remove all your information from the Internet, having a removal service is great if you want to constantly monitor and change the process of removing large amounts of information periodically over a long period of time.
Check out my top picks for data removal services and get a free scan to find out if your data has already appeared on the web by visiting CyberGuy.com
Get a free Scan to find out if your information has already appeared on the web: CyberGuy.com
3) Use strong, unique passwords for all accounts
Reusing passwords across platforms makes it easier for attackers to access multiple accounts if one password is compromised. A password manager can generate long, complex passwords and store them securely, so you don’t have to remember them all. This not only protects your discord account but also your email, banking and other online services.
Next, check if your email was displayed in the previous checkout. Our #1 password manager (see CyberGuy.com) Select includes a built-in scanner that checks if your email address or passwords appear in known leaks. If you find a game, immediately change any reused passwords and secure those accounts with new, different credentials.
Check out the best discount password managers reviewed in 2025 at CyberGuy.com
4) monitor accounts for suspicious activity
Even if you don’t see immediate signs of compromise, attackers can try to exploit the stolen data later. Always check your email history and Discord Login for unusual login history. Services like Identity Protection can scan the dark web for your evidence and notify you immediately when it appears, helping you react quickly before serious damage occurs.
Identity theft companies can look for personal information such as your social security number (SSN), phone number and email address and alert if it is sold on a dark account or used to open an account. They can also help you secure your bank accounts and credit cards to prevent unauthorized use by criminals.
See my tips and top picks on how to protect yourself from identity theft at CyberGuy.com
5) Be careful with emails, messages, or links and use strong antivirus software
Phishing attacks often come after a breach. Attackers can send messages that look like legitimate notifications asking you to reset your password or provide personal information. Always verify the sender, avoid clicking unknown links and never share sensitive information. Treat every unexpected suspicious message, even if it appears to be from a watch or other trusted service.
The best way to protect yourself from malicious links that contain malware, possibly accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransom scams, keeping your information and digital assets safe.
Find my pick of the best antivirus winners for antivirus protection for your Windows, Mac, Android and IOS devices at CyberGuy.com
6) Keep devices and software up to date
Attackers often exploit outdated software and known vulnerabilities. Ensure your operating system, applications and antivirus software are up to date.
Click here for the FOX News app
Kurt’s key
If recent breaches are any indication, the third-party services companies rely on are often the weak link in cybersecurity maturity. Discord’s measures to contain the situation are necessary, but they underscore a larger problem. Many companies do not implement adequate safeguards to protect sensitive user data. Weak oversight of third-party providers, delayed responses and inadequate security policies leave personal information exposed and vulnerable to attackers.
Should companies be held accountable for breaches caused by third-party providers? Let us know by writing to us CyberGuy.com
Sign up for my free cyberGuy newsletter
Get my best tech tips, emergency security alerts and special deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – Free when you join mine CyberGuy.com newsletter.
Copyright 2025 cyberguy.com. All rights reserved.
