All
Premium
06.10.2025

A security breach in Discord's customer service has impacted 70,000 users

Image credit: Discord

Update, October 10, 2025: Discord has revealed a data breach affecting 70,000 users due to a security incident involving a third-party vendor handling customer service.

According to a report by The Verge, some users had government-ID images exposed, which were utilized by the vendor to process age-related disputes.

"We have reached out to all those impacted globally and are working in conjunction with law enforcement, data protection officials, and cybersecurity specialists," Discord stated.

"The compromised systems have been secured, and we have ceased our relationship with the affected vendor. We are committed to safeguarding your personal information and understand the potential worry this event may cause."

Initial report, October 6, 2025: A breach at a third-party customer service provider linked to Discord led to an unauthorized access of data, which included "a limited number of government-IDs."

Last Friday, Discord informed users of the unauthorized access of data from some who had engaged with its Customer Support or Trust & Safety teams.

This breach involved images from age verification appeals, emphasizing the security risks associated with third-party compliance with the Online Safety Act, as noted by experts.

The compromised data consisted of:

  • Name, Discord nickname, email, and other contact details given to Discord support
  • Types of payment, truncated credit card information, and purchase history linked to an account
  • IP addresses
  • Communications with customer support representatives
  • Specific corporate information (e.g., training documents, internal slides)
  • A few government-ID images (driver’s licenses, passports) from users involved in age-related appeals

Passwords, full credit card numbers, CCV codes, or interactions on Discord beyond customer support discussions were not compromised.

"Upon learning of this attack, we acted swiftly," Discord noted. The measures included revoking the vendor's access to their systems, starting an internal probe, involving a top-tier computer forensics firm for investigation and recovery efforts, and notifying law enforcement.

Affected users will receive email notifications from noreply@discord.com. Discord assures that there will be no phone contact for those impacted by this breach. Individuals whose IDs were compromised will get specific mentions in the emails.

gamesindustry.biz
Comments
Write a comment...
Related news