Discord has confirmed that around 70,000 users may have had photos of their government-issued IDs exposed after a data breach involving one of the platform’s third-party customer service vendors.
In early October, Discord revealed that it had suffered a data breach and that an unknown amount of information had been impacted. Soon after, rumors began circulating on social media that over two million age verification photos had been taken in the breach, and that the information was being used to extort the company.
Discord spokesperson Nu Wexler told The Verge on October 8 that the rumored numbers were wrong, but confirmed that there had been an attempt to extort a payment from the company.
“First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts,” they said.
“Second, the numbers being shared are incorrect and are part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users who may have had government-ID photos exposed, which our vendor used to review age-related appeals.
“Third, we will not reward those responsible for their illegal actions.”
Breach involved customer service data
According to Discord, the data exposed may include names, usernames, email addresses, IP addresses, and support messages. Some limited billing information, such as payment type, the last four digits of a credit card, and purchase history, may also have been accessed.
The company confirmed that no passwords, authentication data, or full payment details were affected.
Discord said it immediately revoked the vendor’s access to its systems, launched an internal investigation with the help of a computer forensics firm, and notified law enforcement.