Discord has revealed a security incident stemming from a hack of one of its third-party vendors that provides content moderation and customer support. The breach affected a subset of users who interacted with Discord Support or Trust & Safety and had submitted documents for age verification.
what was accessed
- Limited personal data: names, email addresses, and the last four digits of payment cards
- “A small number” of government-issued IDs (e.g., passport and driver’s-license scans) used for age checks
What was not accessed
- Discord’s core systems and databases
- User passwords or full payment information
Discord says the attackers attempted to extort money to prevent publication of the stolen information. The company has revoked the vendor’s access, tightened oversight of external partners, notified regulators, and is emailing impacted users with guidance. Separate notices are being sent to anyone whose identity documents may have been exposed.
What affected users should do (best practice)
- Watch for phishing emails and DMs claiming to be from Discord
- Enable two-factor authentication and review active sessions
- Consider placing a fraud alert/monitoring on your identity if your ID was involved
- Replace exposed IDs where possible and contact your payment provider if concerned about card data
Share
Copied
