Discord has confirmed that around 70,000 user photo IDs has been stolen following a cyberattack on one of its third-party service providers during the weekend. The affected users had previously submitted ID documents or selfies to verify their age or as part of appeals handled by Discord’s Customer Support and Trust & Safety teams.
In a recent statement, the company clarified that its own systems were not breached. Instead, the incident occurred after an unauthorised party compromised a vendor that managed Discord’s customer support and age verification processes. The exposed data may include government ID photos, partial payment information, and messages exchanged with Discord’s support agents, but not full credit card details, passwords, or user activity outside of those support interactions.
“Recently, we discovered an incident where an unauthorised party compromised one of Discord’s third-party customer service providers,” the company said. “The unauthorised party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.”
Discord has since revoked the vendor’s access to its internal systems and is working with law enforcement to investigate the breach. The company said all impacted users have been notified via email from noreply@discord.com and are advised to remain vigilant for suspicious messages or phishing attempts.
While Discord has not named the affected provider, a representative from Zendesk told the BBC that its systems were not compromised and that the breach did not stem from a vulnerability within its platform. Discord also denied claims circulating online that the incident was larger than reported, calling those allegations “an attempt to extort payment. The company added that it will not yield to the attackers’ demands and reiterated that the breach was not a ransomware incident.
(Source: Discord [official website] / BBC)
