Over 70,000 government ID photos leaked in Discord data breach

Discord has confirmed a significant data breach affecting approximately 70,000 users, with government ID photos among the compromised information. This incident was linked to a third-party vendor responsible for reviewing age-related appeals. The popular platform, which boasts over 200 million users worldwide, previously indicated that a 'limited number' of users who interacted with its customer support were impacted. The company clarified that the breach did not originate from Discord directly, but rather through unauthorized access gained via one of its customer service providers. In a recent blog post, Discord stated, "We recently discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. This unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams." Upon discovering the breach, Discord acted swiftly to mitigate the situation. Actions taken included revoking the third-party provider's access to its ticketing system, initiating an internal investigation, and hiring a leading computer forensics firm to assist in the inquiry and remediation process. Additionally, law enforcement has been engaged to further investigate the breach. While Discord has not disclosed the name of the affected service provider, it has stated that their access to the ticketing system has been terminated and that the investigation is ongoing. The company has informed relevant data protection authorities and is in communication with law enforcement. Impacted users are being notified via email about the breach. To ensure user safety, Discord has advised individuals to remain vigilant against potential suspicious communications. The breach may have compromised various data, including names, Discord usernames, email addresses, and other contact information provided to customer support. Additionally, limited billing information—such as payment type, the last four digits of credit cards, purchase history, and user IP addresses—could also be at risk. Importantly, Discord has assured users that sensitive information such as full credit card numbers, CVV codes, passwords, and any private messages or activities beyond customer support discussions remain secure. The company is actively working to rectify the situation and protect its users from further risks.