One of Discord’s third-party customer service providers has been infiltrated by an unauthorized party who was able to gain access to users’ information. Discord said it recently discovered the incident, which took place on September 20. The compromised data includes a “small number” of government IDs like driver’s licenses and passports, which some users may have submitted to verify their ages. To be clear, Discord itself wasn’t hacked, and you would only be affected by the data breach if you’ve ever communicated with the messaging service’s Customer Support or Trust & Safety teams. That also means the bad actors didn’t get access to your messages within the service, just whatever you may have communicated with customer support.
Discord has been sending out emails to people affected by the breach, even those who have no accounts but have contacted their support teams for any reason. In the email, the service said that the compromised information may include your real name, your username if you have one, your email and other contact details, the last four digits of any credit card associated with your account and your IP addresses. The service will also specify in the email it sends you if any ID you’d submitted has been compromised, which puts you at higher risk of identity theft than other users. Discord clarified that the breach would not have compromised your full credit card number, your physical address and your password.
The service said it quickly revoked the provider’s access to its system after learning about the breach and notified law enforcement of the incident. It also said that it will “frequently audit [its] third-party systems” to ensure they meet Discord’s standards.