One of the third-party providers offering Discord support services has been compromised due to unauthorized access. The attackers obtained limited information about users who contacted Discord through the support service or the trust and safety department. The attackers aimed to make ransom demands. It is important to note that Discord itself was not directly hacked.

User information and scanned identification revealed in the Discord support data breach

The accessed data includes names, usernames, email addresses, and the last four digits of credit card numbers. Additionally, images of some government-issued identification from users who appealed age verification were obtained. At the same time, full credit card numbers and passwords remained untouched.

The company has already notified affected users via email. In cases where possible, it was indicated whether their identification could have been obtained by the attackers. Discord has also revoked support access to application processing systems, reported to data protection authorities, is cooperating with law enforcement, and has reviewed threat detection systems and security measures applied to third parties.