Discord has disclosed a security incident involving one of its third-party customer service providers, after an unauthorized party gained access to certain user data in what the company described as an attempted extortion.
According to Discord, “an unauthorized party compromised one of Discord’s third-party customer service providers,” affecting a limited number of users who had interacted with its Customer Support or Trust & Safety teams. The company said its internal systems and user messages outside of support communications were not compromised.
The breached data may include names, Discord usernames, email addresses, IP information, and limited billing details, such as payment type and the last four digits of credit cards. A small number of government ID images submitted for age verification appeals were also accessed. Passwords, authentication data, and full credit card information were not affected, the company said.
Discord said it revoked the service provider’s access to its ticketing system and began working with law enforcement and a digital forensics firm to investigate the breach. Impacted users are being notified directly via email from the company’s official domain.
The platform said it has also informed relevant data protection authorities and is reviewing security controls across its third-party support systems.
Discord stated that it views user privacy and data protection as a top priority and is continuing to monitor for suspicious activity related to the incident.
Source: Discord
