Discord confirmed a data breach last Friday, October 3rd, after one of its third-party customer service providers was hacked. The company said the attacker got access to information from a limited number of users who had reached out to Discord’s Customer Support or Trust & Safety teams.
The good news is that Discord itself wasn’t directly hacked. The breach came through an external support partner, and the attacker’s goal seemed to be financial extortion from the popular social platform. Once the issue was discovered, Discord cut off the provider’s ticketing system access.
According to Discord, the stolen data may include names, usernames, email addresses, IPs, and partial billing details like the payment type and the last four digits of credit cards, if there’s any purchase history associated with your account.
In a few cases, images of government IDs such as driver’s licenses or passports were also accessed, mostly from users who had appealed an age verification process, which recently saw changes due to the UK Online Safety Act. Discord clarified that passwords, authentication data, and full credit card numbers were not affected.
“Discord has and will continue to take all appropriate steps in response to this situation. As standard, we will continue to frequently audit our third-party systems to ensure they meet our security and privacy standards,” the official statement read.
The company has already alerted data protection authorities and is now contacting impacted users directly through emails from noreply@discord.com. If your ID was accessed, that information will be mentioned in the message you receive.
Related stories:
