Just when you think the Discord data breach is coming to an end, a new twist emerges about the security incident that exposed the information and ID photos of over 70,000 users worldwide.
Discord has now named 5CA, a third-party service provider, as the vendor at the root of the problem. However, 5CA denies any wrongdoing, saying that its systems haven’t been hacked.
Discord disclosed on Oct. 3, 2025, that an unauthorized party gained access to one of its third-party customer service providers, which in turn affected users who had interacted with Customer Support or Trust & Safety.
In an updated statement on Oct. 9, Discord formally stated that 5CA, a Netherlands-based customer experience firm, was the provider involved in the data breach.
The attackers, who identified themselves as the Scattered Lapsus$ Hunters (SLH), allegedly breached 5CA’s support ticket environment and took 1.6 terabytes of data. They claimed to have accessed internal dashboards, some payment information, and even government ID images used for age verification.
Following Discord’s statement, 5CA issued a denial, stating that:
“We are aware of media reports naming 5CA as the cause of a data breach involving one of our clients. Contrary to these reports, we can confirm that none of 5CA’s systems were involved, and 5CA has not handled any government-issued IDs for this client. All our platforms and systems remain secure, and client data continues to be protected under strict data protection and security controls.”
While Discord insists that 5CA’s environment was the initial breach vector, 5CA says that there’s no evidence of an internal failure on their part.
“Based on interim findings, we can confirm that the incident occurred outside of our systems and that 5CA was not hacked.”
What makes 5CA’s statement interesting is that the company says it doesn’t handle government-issued IDs on behalf of Discord, which would mean they can’t be the source.
5CA also claims that “the incident may have resulted from human error, the extent of which is still under investigation.”
Discord users are now in a difficult position: they will have to be extra careful over the next few months and take security measures.
Even if your data wasn’t directly exposed in this breach, supply-chain attacks like these are becoming common.
Bitdefender Digital Identity Protection continuously scans the dark web for stolen data, alerts you to new breaches that involve your personal information, and provides actionable recovery steps if your identity is compromised.
Was Discord directly hacked?
No. Discord confirmed that its internal systems were not breached. According to Discord, the intrusion occurred through 5CA, a third-party customer service provider.
What information was exposed?
Names, emails, Discord usernames, IP addresses, and customer support interactions. Around 70,000 users’ government ID images may have been accessed.
Did 5CA admit responsibility?
No. 5CA denied wrongdoing, claiming the attack did not take place within its infrastructure and that they weren’t hacked. In fact, the company said it doesn’t even collect or interact with government IDs on behalf of Discord.
Who is behind the attack?
A hacking group calling itself Scattered Lapsus$ Hunters (SLH) claimed responsibility and tried to extort Discord for ransom.
How can users protect their data?
Enable MFA, be skeptical of unsolicited messages, and use identity-monitoring tools like Bitdefender Digital Identity Protection to detect if your data appears in breaches.
Silviu is a seasoned writer who has followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between.