Discord has confirmed a major security breach that exposed the sensitive data of around 70,000 users, including government-issued photo IDs. This incident occurred through a third-party customer service vendor, not direct Discord servers. Leaked information may include names, Discord usernames, email addresses, IP addresses, the last four digits of credit cards, purchase history, and sensitive passport or photo ID images.
According to Discord’s official press release, hackers accessed the vendor’s systems specifically to extort a ransom from the company. The breach has sparked criticism of strict age verification laws, as users submitting IDs for age checks were among those affected.
Discord states that all impacted users are being notified by email from [email protected]. Affected users are strongly urged to watch out for suspicious emails or calls pretending to be from Discord or other trusted contacts.
Following the breach, Discord revoked access to the compromised vendor, started an internal investigation, and continues to work with law enforcement and data protection authorities. While some rumors exaggerated the scale of the breach, Discord maintains only about 70,000 users had their ID photos exposed.
This incident is a reminder for platforms to enhance their handling of sensitive verification data and for users to stay vigilant against phishing attempts in the wake of breaches.