Discord’s recent support data breach exposes user info, ID photos, and credit card details
Discord has recently confirmed a big data breach involving one of its third-party customer service providers. While the company’s own systems were not directly compromised, attackers gained access to the external support partner, exposing data from users who had contacted Discord’s Customer Support or Trust & Safety teams. The leaked information includes names, usernames, email addresses, and the last four digits of credit cards.
Notably, a small number of government-issued identification images such as passports and driver’s licenses were accessed. These ID photos were submitted by users appealing Discord’s age verification process, which was recently introduced to comply with regulations in Britain and select U.S. states. Attackers reportedly tried to extort Discord with a ransom demand using data taken in the breach.
Discord says no passwords, authentication data, or full credit card details were affected. The company is emailing impacted users, specifying if ID images were involved, and has revoked the vendor’s access, notified data protection authorities, and engaged law enforcement. It has also strengthened threat detection and third-party security measures. Users who have not recently engaged with customer support are probably not impacted.
- Instant Messenger
- Freemium • Proprietary
Related news
External links
- Update on a Security Incident Involving Third-Party Customer ServiceDiscord • Official source
- Discord discloses data breach after hackers steal support ticketsBleepingComputer
- One of the worst case scenarios for ID age verification is already here, with a Discord breach compromising some users' dataPC Gamer
- Discord data hacked in latest customer service breach to expose user information — hackers gained access via third-party support systems but didn't steal passwordsTom's Hardware
- Discord customer service data breach leaks user info and scanned photo IDsThe Verge
Comments
Not to get into widespread age-verification online debate (which I'm against). Why are private age-verification services even allowed to exist when the government could verify your age and ask companies a fee for it? This push for age-verification was never about safety online, it is just another profit-making, privacy-invading, fake-demand industry.
You're suggesting government as an intermediary between a user and a service? Yep, absolutely nothing can go wrong with that plan.
Age-Verification went from the top (governments) but I am sure some companies are perfectly willing to make money on it. And there will be data breaches because you have "safety" mandates but no actual data safety regulations.
I forgot to add. There should be regulation both on data safety to prevent both data leaks and on governments getting their hands on user's data. The second one is even more important.