Discord Confirms Data Breach, 70,000 Users’ ID Photos Leaked via Third-Party Service
Discord has confirmed that photos of identity documents from around 70,000 users may have been exposed after a security breach. The company clarified that the cyberattack did not directly affect its own systems, but rather an external service provider used to handle appeals related to age verification.
The news comes after a group of attackers claimed to possess 1.5 TB of data and over two million verification photos, which they allegedly used to blackmail the company. However, Discord has denied these claims, calling them inaccurate and part of an extortion attempt they refuse to comply with.
Discord Rejects Blackmail and Explains the Incident
A company spokesperson released a statement to clarify the situation and correct false information circulating online. In the statement, Discord explained the real scope of the breach and its stance against the attackers, stating:
Following last week’s announcement about a security incident involving a third-party customer service provider, we want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions.
According to the company, it has already contacted all affected users and ended its relationship with the compromised service provider. In addition to ID photos, the breach may have also exposed names, email addresses, the last four digits of credit cards, and IP addresses.
