A knowledge breach discover submitted to the Maine Legal professional Basic’s workplace has named Discord Inc. because the affected firm, however the submitting consists of a number of particulars that make the declare tough to deal with as confirmed.
The discover, submitted on June 8, 2026, lists Discord Inc. of San Francisco, California, because the entity concerned. It claims that greater than 10 million folks have been affected by an incident described as “Insider wrongdoing.” The variety of affected Maine residents is listed as unknown.
Pink Flags
The submission says the breach occurred on July 9, 2024, and was found on August 2, 2025. That timeline locations the reported discovery greater than a 12 months after the listed breach date, with the discover submitted in 2026.
The submitting was not submitted by a named Discord authorized, privateness, or safety consultant. The “Submitted By” part lists Xavier Morrison, with the connection to the affected entity described as “Information Topic / Reporter.”
The listed cellphone quantity seems to be a placeholder (a faux, inactive, or reserved quantity), and the e-mail deal with supplied is a private Gmail account. A evaluate of a earlier information breach discover submitted for Discord to the Maine Legal professional Basic’s workplace in 2023 reveals that the corporate was represented in that submitting by BakerHostetler, an American regulation agency.
These particulars are necessary to note as a result of state breach portals can include notices submitted by events aside from the corporate itself. A submitting can title an organization and embrace critical claims, however that doesn’t robotically imply the corporate has verified the incident or issued the discover immediately.
The discover additionally leaves necessary fields unclear. It doesn’t specify which private information components have been acquired past “Identify or different private identifier together with,” and the connected client discover area seems clean. It additionally lists the patron notification date as January 1, 2000, a date that doesn’t align with the reported breach or discovery timeline.
Moreover, no id theft safety providers have been supplied, in line with the submitting. The discover says client notification was digital, however it doesn’t present a duplicate of the discover despatched to Maine residents.
What Is Maine’s Information Breach Submitting System?
Maine’s information breach submitting system is a public reporting portal run by the state Legal professional Basic’s workplace. Firms and different events use it to submit notices when private data could have been uncovered in a safety incident involving Maine residents.
The portal helps the general public, regulators, and journalists monitor reported breach notices, however a list on the location doesn’t at all times imply each element has been independently verified by the state or confirmed by the corporate named within the submitting.
Deal with The Discover as Unverified and Watch Out for Phishing Emails
The one identified current cybersecurity incident publicly acknowledged by Discord was disclosed in October 2025, when the firm confirmed that hackers stole authorities ID photographs and personal information belonging to about 70,000 customers by way of a third-party vendor breach.
One other incident, submitted to the Maine Legal professional Basic’s workplace in 2023, confirmed a complete of 180 information breach victims, additionally resulting from a third-party breach.
At this stage, the Maine submitting must be learn as an unverified breach declare involving Discord, not as affirmation that Discord suffered a breach affecting greater than 10 million customers. The submission incorporates sufficient irregularities to warrant warning, together with the reporter function, lacking discover copy, incomplete information class data, and weird notification date.
Discord customers don’t must panic based mostly on this submitting alone. A sensible response can be to maintain two-factor authentication enabled, evaluate lively periods, keep away from suspicious hyperlinks, as hackers can use this discover to ship phishing emails, and look ahead to any direct discover from Discord or an official regulator.
Hackread.com has reached out to Discord for remark.
