According to The Verge, Discord announced that one of its third-party customer support partners was recently compromised by an "unauthorized party," which Discord said was trying to "demand a financial ransom."
Although the hackers did not directly gain access to Discord, some user data was affected by the intrusion - specifically data that users shared with Discord's customer support team and trust and safety team, including government ID documents submitted for age verification.
Discord said in a press release that all users affected by the breach will receive email notifications soon. The types of data that may be at risk include names, Discord usernames, email addresses, contact information, payment methods, the last four digits of credit card numbers (not credit card verification codes or full credit card numbers), purchase records, IP addresses, messages communicated with customer support, and "limited enterprise data."
The most concerning data in the breach is the small number of images of government ID documents, such as passports or driver's licenses, submitted to Discord for age verification purposes. Discord added: "If your identification may have been obtained, the relevant information will be noted in the email you receive." It is worth noting that the breach did not result in the leakage of passwords, authentication data, or "message records beyond the scope of the user's communication with customer support." Discord also said it has revoked access to its systems from affected customer support partners.
If you have not shared information with the Discord customer support team recently, there is a high chance that you will not be affected by this intrusion. But if you think your data may have been compromised, please keep an eye out for emails from Discord. If your identity document was involved in this breach, it is recommended to review the identity theft and data breach response guidance issued by the US Internal Revenue Service (IRS) or the UK's National Cyber Security Centre (NCSC).
The data breach occurred six months after Discord began requiring age verification in some regions. The UK's Online Safety Act made such age verification a legal requirement, but users quickly found ways to get around it, including using the photo mode in Death Stranding. Some U.S. states have passed similar age verification laws.
Discord's data leak fully illustrates why people around the world are worried and dissatisfied with such policies - in addition to censorship-related issues, there are obvious risks in providing scans and photos of sensitive data such as government ID documents to companies that may lack adequate security measures to protect this data.