In 2025, it feels like cybercriminals are winning while the world’s biggest data hoarders are losing. One by one, global giants are admitting they’ve been breached, from tech powerhouses like Google to insurance leaders such as Allianz and Farmers and even luxury brands like Dior. The latest company to report a breach is Discord. The popular chat platform confirmed that hackers gained access to a third-party customer support provider, 5CA, exposing user data including names, email addresses, limited billing details and even government ID images.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

MAJOR COMPANIES, INCLUDING GOOGLE AND DIOR, HIT BY MASSIVE SALESFORCE DATA BREACH

How the breach happened and what data was exposed

The company confirmed that the breach, which occurred on September 20, did not involve a direct attack on Discord’s servers. Instead, attackers gained unauthorized access to 5CA, one of Discord’s third-party customer service providers. This allowed them to view information from users who had reached out to Discord’s Customer Support or Trust & Safety teams.

Discord is a chat app primarily used by gamers, but it has expanded to various other communities, enabling text messages, voice chats and video calls. Some even use it as a replacement for Slack. The platform currently has a monthly user base of over 200 million. The data exposed included Discord usernames, real names, emails, limited billing details such as payment type and the last four digits of credit cards, IP addresses and messages exchanged with customer service agents. In some cases, government ID images provided for age verification were also compromised. Discord estimates that around 70,000 users globally may have had government ID photos exposed.

Reports suggest the attackers attempted to use this access to demand a ransom from Discord. Bleeping Computer reported that the Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack earlier this month. This is the same group that claims to have access to over a billion Salesforce records and is demanding ransom for those as well.

JEEP AND CHRYSLER PARENT STELLANTIS CONFIRMS DATA BREACH

About 70,000 users had ID images stolen in the latest third-party data breach. (Tiffany Hagler-Geard/Bloomberg via Getty Images)

What Discord is doing now and what users should do next

Discord disclosed the incident 13 days later, on October 3. Since then, it has cut off the third-party support provider’s access, launched an internal investigation with a digital forensics team and started informing affected users. It also clarified that any communication about the breach will come only from noreply@discord.com and that it will never contact users by phone regarding this incident. The company added that some data remained safe: full credit card numbers, CCV codes, account passwords and activity outside of customer support conversations were not exposed.

Discord also stated that it has notified relevant data-protection authorities about the breach, is working closely with law enforcement and is auditing its third-party vendors to ensure they meet its enhanced security and privacy standards going forward.

A representative at Discord issued a statement, saying in part, “We want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions. All affected users globally have been contacted, and we continue to work closely with law enforcement, data protection authorities and external security experts. We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause.”

Discord cuts ties with vendor 5CA and tightens its security investigations. (Kurt “CyberGuy” Knutsson)

6 steps you can take to stay safe after the Discord breach

If you think your details might have leaked in the Discord data breach, below are some steps you can take to stay protected.

1) Enable two-factor authentication

Two-factor authentication (2FA) adds an extra verification step when logging in, making it much harder for attackers to access your account even if they have your password. Discord supports 2FA via authenticator apps or SMS. Once enabled, you’ll receive a code each time you log in from a new device. This simple step can prevent account takeovers and gives you peace of mind.

2) Consider a personal data removal service

The less information available about you, the harder it is for attackers to target you. Review what personal details you’ve shared online, and remove unnecessary data from websites and apps. A personal data removal service can help scrub your information from data broker sites, making it more difficult for attackers to connect the dots and launch identity theft or phishing attacks.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

3) Use strong, unique passwords for all accounts

Reusing passwords across platforms makes it easy for attackers to access multiple accounts if one password is compromised. A password manager can generate long, complex passwords and store them securely, so you don’t have to remember them all. This not only protects your Discord account but also your email, banking and other online services.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords, and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

4) Monitor accounts for suspicious activity

Even if you don’t see immediate signs of compromise, attackers can try to exploit stolen data later. Regularly check your email and Discord login history for unusual sign-ins. Services like identity theft protection can scan the dark web for your credentials and alert you immediately if they appear, helping you react quickly before serious damage occurs.

Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

5) Be cautious with emails, messages or links, and use strong antivirus software

Phishing attacks often spike after breaches. Attackers may send messages that look like official notifications asking you to reset your password or provide personal information. Always verify the sender, avoid clicking unknown links, and never share sensitive info. Treat every unexpected message as suspicious, even if it appears to come from Discord or another trusted service.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com. 

6) Keep devices and software up to date

Attackers often exploit outdated software and known vulnerabilities. Ensure your operating system, apps and antivirus software are current.

Kurt’s key takeaway

If the recent breaches are any indication, third-party services that companies rely on are often the weakest link in cybersecurity. Discord’s steps to contain the situation are necessary, but they highlight a bigger problem. Many companies do not implement sufficient safeguards to protect sensitive user data. Weak oversight of third-party providers, delayed responses and inadequate security policies leave personal information exposed and vulnerable to attackers.

Should companies be held more accountable for breaches caused by third-party providers? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

From Apple TV Plus to Peacock, a number of streaming services have recently increased their pricing — and Disney Plus is no exception. Starting on Tuesday, October 21st, the standalone plan with ads will jump from $9.99 to $11.99 a month, while the ad-free Premium tier will increase by $3 to $18.99 a month. The ad-free annual plan is also going up by $30, at which point it will cost $189.99 a year. Ouch.

Fortunately, though, there’s still time to lock in the lower rates. If you subscribe to a year of Disney Plus Premium before October 21st, you’ll pay $159.99 for a full year before the price hike goes into effect. The same goes for the monthly plans; if you subscribe now, you’ll only pay $15.99 a month for the ad-free plan or $9.99 a month for the ad-supported tier. After your first billing cycle, though, the new monthly and annual prices will apply automatically, so be sure to set yourself a reminder and mark your calendars if you don’t want to renew.

Aside from ads, the main difference between the two tiers is that the step-up Premium plan lets you download content for offline viewing and supports Dolby Atmos audio with select content. Otherwise, both provide access to the same catalog of movies and TV shows, including content from Disney, Pixar, Star Wars, National Geographic, and Marvel. That means, no matter which one you sign up for, you’ll be able to stream upcoming documentaries from both James Cameron and Taylor Swift, as well as Deadpool & Wolverine, the second season of Andor, and newer, kid-friendly favorites like Lilo & Stitch.

The U.S. National Highway Traffic Safety Administration (NHTSA) has opened a new investigation into 2.88 million Tesla vehicles running “Full Self-Driving” (FSD). Officials say the system may be breaking traffic laws, and worse, causing accidents. According to Reuters, 58 reports describe Teslas blowing through red lights, drifting into the wrong lanes and even crashing at intersections. Fourteen of those cases involved actual crashes, and 23 caused injuries.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

WOULD YOU BUY THE WORLD’S FIRST PERSONAL ROBOCAR?

Red lights, train tracks and trouble ahead

In one striking pattern, six Tesla vehicles reportedly ran red lights before colliding with other cars. One driver in Houston complained that FSD “is not recognizing traffic signals,” saying the car stopped at green lights but ran through reds. The driver even said Tesla had seen the issue firsthand during a test drive, but refused to fix it. The agency is also reviewing new reports that some Teslas using FSD failed to handle railroad crossings safely, with one case involving a near-collision with an oncoming train.

WILL AUTONOMOUS TRUCKS REPLACE DRIVERS BY 2027?

Mounting legal and safety scrutiny

This is far from Tesla’s first brush with regulators. The company is already facing several investigations tied to both its Autopilot and FSD systems. In one high-profile case, a California jury ordered Tesla to pay $329 million after an Autopilot-related crash killed a woman. Another investigation is looking into Tesla’s limited Robotaxi service in Austin, Texas, where passengers reported erratic driving and speeding — even with human safety drivers onboard. Meanwhile, Tesla is still fighting a false advertising lawsuit from California’s DMV. Regulators say calling the software “Full Self-Driving” is misleading, since it requires constant driver supervision. Tesla recently changed the name to “Full Self-Driving (Supervised)” to reflect that reality.

Regulators say more crashes may come

Tesla’s latest FSD software update arrived just days before the investigation began. But the NHTSA says the system has already “induced vehicle behavior that violated traffic safety laws.” This investigation, now in its early stages, could lead to a recall if the agency finds that Tesla’s self-driving software poses a safety risk.

LUCID JOINS TESLA AND GM WITH HANDS-FREE HIGHWAY DRIVING

Regulators say some Teslas ran red lights and ignored traffic signals. (Christopher Goodney/Bloomberg via Getty Images)

What this means for you

If you drive a Tesla with FSD enabled, stay alert. The system isn’t fully autonomous, no matter what the name suggests. You should:

• Keep your hands on the wheel and eyes on the road at all times.
• Manually override the system when approaching intersections, crosswalks or railroad tracks.
• Check for Tesla software updates regularly — they may include critical safety fixes.
• Report any unsafe FSD behavior to NHTSA.

For everyone else, this investigation is a reminder that “self-driving” still means supervised driving.

Robotaxi tests raise fresh safety questions for Tesla’s self-driving cars. (AP)

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

Kurt’s key takeaways

Tesla’s dream of a fully autonomous future keeps hitting speed bumps. With safety regulators circling and lawsuits piling up, the company’s next moves will shape public trust in AI-driven transportation. Still, the push toward automation isn’t slowing down; it’s just under heavier watch.

How much control would you give an AI behind the wheel? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

Copyright 2025 CyberGuy.com.  All rights reserved.