Discord Data Breach Exposes User Info and Photo IDs
▼ Summary
– A third-party customer service provider for Discord was compromised by an unauthorized party attempting to extort a financial ransom.
– The breach exposed limited user information including names, emails, and partial credit card details, but did not involve full credit card numbers or passwords.
– A small number of government ID images from users appealing age determinations were potentially accessed in the incident.
– Discord is notifying affected users via email and has revoked the compromised provider’s access to its ticketing system.
– The company has reported the breach to data protection authorities and law enforcement while reviewing security controls for third-party providers.
A recent security incident at Discord has exposed a limited amount of user information, including email addresses and partial payment details, following a breach at one of its third-party customer support vendors. The company confirmed that an unauthorized individual infiltrated the support provider’s systems in an attempt to extort money from the platform. Importantly, Discord’s own internal networks and servers remained secure throughout the incident, with the breach confined to the external support infrastructure.
According to Discord’s official statement, the compromised data includes user-submitted information from support tickets, potentially covering full names, Discord usernames, email addresses, and the final four digits of credit card numbers. In a more serious development, the intruder also obtained a small collection of government-issued identification documents. These IDs came specifically from users who had submitted them during age verification appeals. The company emphasized that complete credit card numbers and user account passwords were not exposed in this security breach.
Discord has begun directly notifying affected users via email, with specific alerts going to individuals whose identification documents may have been accessed. The platform has taken several corrective actions in response to the incident, including immediately revoking the compromised support provider’s access to Discord’s ticketing system. The company has also notified relevant data protection authorities, initiated cooperation with law enforcement agencies, and conducted a comprehensive review of security protocols for all third-party support providers to prevent similar incidents in the future.
(Source: The Verge)
