A data breach affecting a third-party customer service provider used by Discord has exposed personal information from users who had contacted the platform’s support teams and among the data accessed were some images of government-issued IDs submitted by users.
The incident will amplify growing concerns around online ID verification, a practice increasingly mandated by governments as a way to enforce age restrictions online.
While Discord confirmed that the attacker did not breach its internal systems, the compromise of a vendor handling sensitive user data shows how collecting official identification, even in limited cases, creates serious and lasting privacy risks.
The compromised vendor had supported Discord’s Customer Support and Trust & Safety teams, and the attacker targeted it in an effort to extort money.
While the breach did not involve Discord’s internal systems, sensitive user data was exposed.
The company stated that the attacker accessed information from a “limited number of users” who had interacted with support staff.
Hellbound and Down 