A newly filed data breach notice has claimed that more than 10 million (1 crore) Discord users may have been affected by a security incident, but the report has raised questions because several details published by the authorities appear unusual or inconsistent.
The notice was filed with the Maine Attorney General’s Office and alleges that the communication platform suffered a breach linked to “insider wrongdoing.” According to the report, the filing went live on the regulator’s website on June 8 and claimed that personal information of Discord users may have been exposed.
FCRF’s Flagship Cyber Law Certification Returns With a New Four-Week Cohort
Suspicious Filing Raises Questions
The notice states that the alleged breach occurred on July 9, 2024, and was discovered on August 2, 2025. However, the report provides few technical details and does not include a public copy of any notification letter sent to affected individuals.
According to the filing, the exposed information involved “name or other personal identifier.” No further details were disclosed about the specific data types allegedly affected. The report also noted that no identity theft protection services were offered to affected individuals, which was described as suspicious given the scale of the alleged breach.
The filing was reportedly submitted by a person named Xavier Morrison using a personal email address. The listed phone number appears to be fake. The article also notes that the dates in the report do not appear to align, as the filing states that notifications to affected individuals began in the 2000s.
More Than 10 Million Users Claimed Affected
The breach information published in the filing lists the total number of affected individuals as over 10 million, while the number of Maine residents affected is marked as unknown. The report does not clarify whether consumer reporting agencies were notified if the number of Maine residents exceeded 1,000.
Cybernews noted that while the scale of the alleged breach is very large, it is technically possible because Discord has more than 750 million (75 crore) registered accounts globally and approximately 260 million (26 crore) monthly active users.
The outlet said breach reports are submitted to the Maine Attorney General through an online breach report form, raising questions about whether submitted forms are reviewed before they appear online. Cybernews said it had reached out to Discord and the Maine Attorney General for clarification.
Discord’s Earlier Security Incidents Cited
The article also referred to Discord’s previous cyber incidents, including a confirmed security incident involving one of its external service providers. In a public statement published on October 9, 2025, Discord said it had discovered unauthorised access involving 5CA, a third-party customer support vendor.
Discord had emphasised that the earlier incident was not a direct breach of its systems but affected a vendor that handled customer support and Trust & Safety operations. According to Discord, that incident affected a limited number of users who had communicated with customer support teams.
The company also reported that approximately 70,000 users globally may have had government-issued ID photos exposed during age-verification appeal reviews. In May, the Lapsus$ cybercrime group claimed to have compromised a third-party customer support environment used by Discord, but Cybernews researchers who reviewed the claims found them suspicious and likely not legitimate.
