After confirming a data breach earlier this month, Discord has now revealed that around 70,000 users may have had their government ID photos exposed. The leaked data came from IDs submitted through a third-party vendor responsible for handling age verification appeals.
The platform, which boasts over 200 million users worldwide, had previously stated that only a “limited number” of users who interacted with its customer support team were affected by the breach.
According to Discord, the hackers did not gain direct access to its internal systems. Instead, they obtained the data through one of the company’s third-party customer service providers.
“Recently, we discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. The unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.” the company said in a blogpost
“As soon as we became aware of this attack, we took immediate steps to address the situation. This included revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement.” it added
Discord did not name the third-party customer service provider but said in the blogpost that their access to the company’s ticketing system has b een revoked and is continuing to investigate the matter.
Discord has not disclosed the name of the third-party customer service provider involved. However, in a blog post, the company stated that the provider’s access to Discord’s ticketing system has been revoked while it continues to investigate the incident.
