Discord has announced that one of its third-party customer service partners was recently compromised by an “unauthorized party” that Discord says was attempting to “extort a financial ransom.” Some user data may have been accessed. A limited number of government ID images submitted for age verification are included in the possible leak. 😬
The company says anyone impacted will be contacted by email, and it has revoked the affected partner’s access to its systems. According to a press release, the types of data potentially at risk include names, Discord usernames, email addresses, contact details, payment types, the last four digits of credit card numbers (not full numbers or CVVs), purchase history, IP addresses, and messages shared with customer support.
Discord specifically called out a “limited number” of government-issued ID images, such as passports or driver’s licenses, that were shared with Customer Support and Trust & Safety for age verification purposes. The company added, “If your ID may have been accessed, that will be specified in the email you receive.” Discord also stated that no passwords or authentication data were exposed beyond what users might have shared with support.
If you haven’t recently shared documents with Discord’s Customer Support, you are unlikely to be affected, but watch for an email from Discord if you think your data might be involved. For individuals whose ID images may have been accessed, Discord and security advisers recommend consulting identity theft resources, such as the IRS identity theft guide and the NCSC data breach guidance, for next steps.
If this affects you, share what happened in the comments below and follow us on X and Bluesky for updates.