Discord confirms customer service breach resulting in personal information being exposed

Discord has confirmed that a third-party customer service platform has been targeted by an attack that has resulted in the personal data of some of its users being exposed to "an unauthorized party."

The details:

• The popular social platform has began reaching out to affected users via email to confirm that on September 20, attackers compromised one of its third-party customer service providers. As a result, the only users affected are among those who had contacted Discord’s Customer Support or Trust & Safety teams, and Discord itself was not impacted, meaning no content on the platform has been exposed.
• According to Discord, the type of personal data that was exposed includes contact information such as Discord usernames, full real names, email addresses, contact addresses, IP addresses, and “limited” payment information such as the last four digits of credit cards, payment methods, and purchase histories. Messages and attachments exchanged with customer support have also been exposed, as well as internal presentations and training materials.
• The platform has confirmed that a “small number of government‑ID images,” such as driver’s licenses, passports, and other forms of legal identification “from users who had appealed an age determination,” were included in the breach.
• Discord has said that it is already taking action following the attack by working with law enforcement and has contacted the relevant data protection authorities. It has also revoked the customer support provider’s access to Discord’s ticketing system.