Discord user data leaked after breach at customer service partner

Discord has reported a security incident involving user data that was compromised through a breach at one of its third-party customer service partners. This widely-used communication platform, boasting over 200 million users, enables free text, voice, and video messaging in private chats and community servers. The company stated that the breach affected a "limited number" of users who had recently interacted with its customer support team. While Discord itself was not directly breached, the attackers accessed user data through a compromised third-party service provider. According to Discord, the objective of the hackers was to obtain user information in order to extort financial gain from the company. In a blog post, Discord detailed the incident, revealing, "Recently, we discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. The unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams." Upon discovering the breach, Discord acted swiftly to mitigate the situation. Measures included revoking access to the customer support provider, initiating an internal investigation, hiring a leading computer forensics firm for assistance, and collaborating with law enforcement authorities. The compromised data potentially includes users' names, Discord usernames, email addresses, and any additional contact information provided to customer support. Details such as limited billing information—like payment types, the last four digits of credit cards, purchase histories, and users' IP addresses—were also at risk. Furthermore, interactions with customer service agents and some corporate data, including training materials and internal presentations, may have been exposed. Notably, hackers may have accessed a small number of government-issued ID images from users who had appealed age verification decisions. However, Discord reassured its community that sensitive information, including full credit card numbers, CVV codes, passwords, and any messages or activities outside customer support discussions, remain secure. The company has informed relevant data protection authorities about the breach and has proactively engaged law enforcement for a thorough investigation. Affected users are being notified via email to keep them informed about the incident.