Discord reported a security breach involving one of its third-party customer service providers, where an unauthorized party gained access to information from a limited number of users who had interacted with Discord’s Customer Support and Trust & Safety teams. The breach did not involve direct access to Discord’s main systems. The unauthorized party sought to extort a financial ransom from the company.
The compromised data may include names, usernames, email addresses, and the last four digits of credit card numbers. Additionally, a small number of images of government IDs were accessed from users who appealed age determinations. However, Discord stated that full credit card numbers and passwords were not affected by this incident.
In response to the breach, Discord is currently notifying affected users via email, with specific details provided for those whose IDs may have been accessed. The company has taken measures to revoke the third-party provider’s access to its ticketing system and has informed relevant data protection authorities. Discord is collaborating with law enforcement and reviewing its threat detection systems and security controls for third-party support providers.
Source: https://www.theverge.com/news/792032/discord-customer-service-data-breach-hack