With these digital keys in hand, the hackers gained unfettered access to Discord's customer support system. For 58 critical hours between September 22 and September 24, 2025, they were free to browse and syphon sensitive user data from support tickets before their intrusion was finally detected and their access severed.
Following the breach, the Scattered Lapsu$ Hunters took to Telegram, boasting of a massive 1.5-terabyte data haul that included over two million ID photos. The group's apparent strategy was to inflate the numbers, create mass panic, and pressure Discord into meeting their ransom demands.
However, Discord has publicly refuted these claims, labelling them part of a blatant extortion attempt. According to the company's official investigation, the compromised data, while serious, was more limited:
Government-Issued IDs: The most sensitive data reportedly compromised. Approximately 70,000 users who submitted a photo of their ID for an age-related appeal may have had their images exposed. This includes passports and driver's licences.
Personal and Account Information: Other data linked to customer support interactions was also reportedly breached, including users' names, Discord usernames, and email addresses.
Limited Billing and Technical Data: The last four digits of some users' credit cards and their IP addresses were also potentially exposed.
Support Communications: Transcripts of conversations between users and the customer support team were compromised.
Crucially, Discord has been firm that the breach did not include account passwords, full credit card numbers, or any private messages and server chats outside of the customer support system.