As reported by The Verge, Discord has announced that one of its third-party customer service partners was recently compromised by an "unauthorized party," who Discord states was attempting to "extort a financial ransom."
While the hackers did not gain access to Discord directly, some users' data was impacted by the breach—specifically data shared with Discord's Customer Support and Trust & Safety teams, including government IDs shared for age verification.
Discord stated in a press release that anyone impacted by the breach will be contacted soon over email. The types of data potentially at risk include names, Discord usernames, email addresses, contact information, payment types, the last four digits of credit card numbers (but not CCVs or full credit card numbers), purchase history, IP addresses, messages shared with customer support, and "limited corporate data."
The most concerning data caught in the breach is a limited number of government ID images shared with Discord for age verification purposes, such as passports or driver's licenses. Discord added that, "If your ID may have been accessed, that will be specified in the email you receive." Notably, no passwords, authentication data, or messages "beyond what users may have discussed with customer support" was compromised in the breach. Discord also stated that it has revoked the impacted customer support partner's access to its systems.
If you haven't shared info with Discord's Customer Support team recently, you most likely won't be impacted by this breach. However, if you think your data may have been leaked, keep an eye out for an email from Discord. If your ID was involved in this breach, you may want to take a look at the IRS or NCSC's identity theft and data breach guides.
This breach comes only six months after Discord started requiring age verification in some regions. The UK's Online Safety Act made such age verification law in Britain, though users quickly found ways around it, including using the photo mode in Death Stranding. Some U.S. states have also passed similar age verification laws.
This data breach at Discord makes it clear why people around the world are concerned and frustrated by these policies—even beyond issues of censorship, there are clear risks involved in giving scans and photos of sensitive data like government IDs to companies that might not have the security to protect that data.
