Discord has disclosed a significant data breach that has compromised the personal information of at least 70,000 users, including government-issued ID photographs.
Cyber attackers obtained unauthorised access to sensitive customer data by targeting a third-party vendor responsible for conducting age verification appeals.
This information is shocking for a platform that serves more than 200 million users worldwide and is dedicated to social interaction and gaming.
Hackers exploit third-party vendor for data access
The breach occurred when hackers infiltrated a third-party customer service provider engaged by Discord to verify user ages. During age-related appeals, users submit government ID photos like driving licenses or passports to the vendor.
RelatedPosts
Discord said these personal photos, IP addresses, and limited billing information may have been revealed. The company verified that no payment card numbers, account passwords, or Discord activity beyond customer support messages were viewed.
Discord responds: Immediate action and Investigation
Discord promptly terminated the vendor’s access to its systems and contacted all affected users upon its discovery. The organisation collaborates with law enforcement agencies to mitigate the breach and prevent additional harm.
A spokesperson emphasised that the violation was due to the third-party provider, not Discord itself, underscoring their commitment to user security. While hackers claimed to have extracted more extensive data, including over two million ID images, Discord described these as inaccurate extortion attempts to pressure the company for ransom.
This incident highlights the risk linked to third-party partnerships in digital platforms, especially regarding sensitive data like government-issued IDs required for age verification. Growing regulatory needs for online age checks present critical issues for users and platforms in protecting personal data. Despite escalating cyber dangers, Discord’s quick response sets a norm for transparency and responsibility.