Discord Hit by Third-Party Breach; User Data and ID Images Leaked

Discord has confirmed that one of its third-party customer service providers suffered a data breach caused by an unauthorized party. The attacker reportedly accessed limited user information from individuals who had contacted Discord’s Customer Support or Trust & Safety teams. According to the company, the incident was an extortion attempt, as the attacker demanded a financial ransom from Discord.

The company clarified that its internal systems were not breached. The unauthorized party only accessed data stored by the external support provider. Information exposed in the breach may include names, usernames, email addresses, and the last four digits of credit card numbers. Discord also confirmed that a small number of government ID images were accessed, specifically from users who had appealed age verification decisions.

However, full credit card details and passwords remain secure, as these were not part of the compromised data. Discord has started notifying affected users via email. Those whose ID images were accessed will receive specific details about the exposure.

In response, Discord immediately revoked the third-party provider’s access to its ticketing system and alerted data protection authorities. The company is also cooperating with law enforcement and has reviewed its threat detection systems to strengthen security across all third-party partners.

The incident highlights the growing cybersecurity risks linked to outsourced customer support operations, sources said. Discord says it is taking additional steps to prevent such incidents in the future, ensuring better protection for user data.