Discord customer service data breach leaks user info and scanned photo IDs
- Discord suffered a data breach involving one of its third-party customer service providers.
- The unauthorized party gained access to user information, including names, usernames, emails, and credit card numbers (last four digits).
- Images of government IDs from users who had appealed an age determination were also accessed by the hack.
- Full credit card numbers and passwords were not impacted by the breach, according to Discord.
- Discord is notifying affected users via email and has taken steps to revoke access to its ticketing system and notify data protection authorities.
One of Discord’s third-party customer service providers was compromised by an “unauthorized party,” the company says. The unauthorized party gained access to “information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams” and aimed to “extort a financial ransom from Discord.” The unauthorized party “did not gain access to Discord directly.”
Data potentially accessed by the hack includes things like names, usernames, emails, and the last four digits of credit card numbers. The unauthorized party also accessed a “small number” of images of government IDs from “users who had appealed an age determination.” Full credit card numbers and passwords were not impacted by the breach, Discord says.
The company is notifying impacted users now over email. If your ID might have been accessed, Discord will specify that. Discord also says it revoked the support provider’s access to Discord’s ticketing system, has notified data protection authorities, is working with law enforcement, and has reviewed “our threat detection systems and security controls for third-party support providers.”