Discord Customer Service Provider Hacked, Exposing User Data and Government IDs.

Discord, the popular voice, video, and text communication platform, has recently disclosed a security incident stemming from a breach at one of its third-party customer service providers. The company confirmed that an unauthorized party gained access to limited user information, impacting individuals who had recently interacted with its Customer Support or Trust & Safety teams.

The company emphasized that the breach did not compromise Discord’s core systems or platform directly. The attackers targeted the external vendor responsible for handling support tickets, with the ultimate goal of extorting a financial ransom from Discord.

Data exposed in the incident includes essential contact information provided during support requests. Compromised data may consist of user names, Discord usernames, email addresses, IP addresses, and the full content of messages exchanged with customer service agents.

Most alarmingly, the breach exposed a "small number" of government-issued photo identification documents, such as passports and driver's licenses. These sensitive files belonged to users who had submitted them to appeal age determinations on the platform. Limited billing information, specifically the payment type, the last four digits of a credit card, and purchase history, was also compromised for some users.

Crucially, Discord confirmed that user passwords, full credit card numbers, CCV codes, and private in-app messages and activity outside of customer support threads were not affected by the breach. This containment ensures that core account credentials remain secured.

Upon discovering the compromise, Discord immediately revoked the third-party provider's access to its ticketing system. The company has since launched a full internal investigation, engaged a leading computer forensics firm, and notified law enforcement to pursue the unauthorized party.

Discord is currently in the process of notifying all affected users via email. Impacted users should look for an official message from noreply@discord.com that will specify exactly what data, including whether their government ID, may have been accessed. Users are strongly advised to remain vigilant against potential phishing attempts.