Discord Data Breach Reportedly Impacts Over 10 Million Users

A freshly filed data breach notice claims that more than 10 million Discord users could be affected by a security lapse, but the report has drawn scrutiny because several details published by the authorities seem unusual or inconsistent.

The communication platform allegedly experienced a breach connected to “insider wrongdoing,” according to the notice sent to the Maine Attorney General’s Office. The filing, which went up on the regulator’s website on Monday this week, allegedly revealed that Discord users’ personal information might have been compromised.

The notice further states that the alleged breach occurred on July 9, 2024, and was discovered on August 2, 2025. However, the report provides few technical details and does not include a public copy of any notification letter sent to affected individuals. According to the filing, the exposed information involved “name or other personal identifier,” with no further details disclosed about the specific data types allegedly affected. 

The report also noted that no identity theft protection services were offered to affected individuals, a detail described as suspicious given the scale of the alleged breach. The filing was reportedly submitted by a person named Xavier Morrison using a personal email address, while the listed phone number appears to be fake. The article further notes that the dates in the report do not appear to align, as the filing states that notifications to affected individuals began in the 2000s.

With over 10 million people compromised, according to the breach filing, it is unclear how many Maine residents were affected. If more than 1,000 Maine individuals were impacted, the report does not specify if consumer reporting agencies were informed.

Despite the enormous scope of the purported breach, Cybernews pointed out that it is technically feasible given that Discord has over 750 million (75 crore) registered accounts globally and over 260 million (26 crore) monthly active users.

Additionally, the publication noted that breach reports are sent to the Maine Attorney General via an online form, which begs the question of whether submitted forms are examined before becoming live. Cybernews said that it has requested clarification from the Maine Attorney General as well as Discord.

The recent claim that a Discord breach affected 1 crore users should not be mistaken for the platform’s verified security incident disclosed in October 2025, which involved third-party customer service provider 5CA. Discord confirmed that about 70,000 users had images of their government-issued IDs, submitted during age-verification appeals, exposed in the incident.

At the time, a ransomware group known as Scattered Lapsus$ Hunters attempted to extort the company, alleging it had stolen 1.5 terabytes of data impacting 5.5 million users. Discord rejected those figures, stating that the threat actors had exaggerated the scale of the breach in an effort to gain financial leverage.

Discord stressed that a vendor that managed customer service and Trust & Safety operations was impacted by the previous incident rather than a direct penetration of its systems. Discord claims that just a small percentage of users who had spoken with customer service representatives were impacted by that incident.

The company disclosed that around 70,000 users worldwide may have had images of their government-issued IDs exposed during reviews of age-verification appeals. Earlier in May, the cybercrime group Lapsus$ claimed it had breached a third-party customer support system used by Discord. However, researchers at Cybernews who examined the allegations said the claims appeared questionable and were likely not credible.

To put it briefly, a fresh breach impacting 10 million Discord users is not supported by any confirmed information. Instead of being an official business declaration, the document seems to be an unlawful submission made by an individual.