This incident serves as a reminder of the growing threat of third-party data breaches, especially in social media and online communication platforms where millions of users share personal and sensitive data daily.
In a major cybersecurity breach, Discord has confirmed that personal information — including government ID photos — of more than 70,000 users was leaked after a third-party customer service vendor was compromised. The popular chat platform, with over 200 million global users, says hackers gained unauthorized access through its customer support system, not directly through Discord’s servers.
According to Discord’s official statement, the breach occurred when a third-party vendor’s system was hacked, giving cybercriminals access to sensitive data belonging to users who had interacted with Discord’s Customer Support or Trust & Safety teams.
“As soon as we discovered the breach, we revoked the vendor’s access, launched an internal investigation, partnered with a leading forensics firm, and notified law enforcement,” Discord said in a blog post.
The leaked data may include users’ names, email addresses, Discord usernames, and limited billing information, such as payment type, the last four digits of credit card numbers, and purchase history. Additionally, IP addresses, messages exchanged with Discord’s support agents, and internal training materials were reportedly exposed.
More concerningly, the company confirmed that hackers may have gained access to a small number of government ID images, such as driver’s licenses and passports, which were used by users who appealed age-verification decisions.
Discord has clarified that no passwords, authentication tokens, or full credit card details were compromised in the incident. However, the company has urged all users to remain cautious and report suspicious messages or emails that may attempt to exploit the breach. It has already notified affected users via email and reported the incident to data protection authorities and law enforcement agencies. The company reiterated its commitment to strengthening data privacy, user safety, and cyber resilience in the wake of the breach.
