Discord data breach exposes user info, scanned photo IDs
What's the story
Discord, a popular communication platform, has confirmed a data breach involving one of its third-party customer service providers. The company said that an "unauthorized party" accessed data from a limited number of users who had contacted Discord's Customer Support and/or Trust & Safety teams. The attacker reportedly sought to extort a financial ransom from Discord but did not gain direct access to the platform itself.
Data details
What data was compromised in the breach?
The data compromised in the breach includes usernames, email addresses, and last four digits of credit card numbers. A small number of government-issued ID photos from users who had appealed an age determination were also accessed by the unauthorized party. However, Discord has clarified that full credit card numbers and passwords were not affected by this security incident.
Response measures
Discord is notifying affected users
In the wake of the data breach, Discord is notifying affected users via email. If your ID was possibly accessed in the breach, Discord will specifically mention that in its communication. The company has also revoked access to its ticketing system from the support provider involved in this incident and reported the matter to data protection authorities.
Security review
Discord is working closely with law enforcement agencies
Along with notifying affected users and revoking access, Discord is also working closely with law enforcement agencies to investigate the breach. The company has reviewed its threat detection systems and security controls for third-party support providers in light of this incident. These measures are part of Discord's commitment to maintaining user trust and ensuring data security on its platform.