Discord has revealed that one of its customer service providers has suffered a data breach. The attackers gained access to Government-ID images, and user details.
Discord doesn't actually mention when the breach took place, it only says it "recently discovered an incident". The fact that Government ID images were stolen is important, the U.K.'s Online Safety Act came into effect on July 25, 2025. So, that means the data breach happened sometime between then and October 3rd, when the news about the incident was revealed. It's also worth noting that the victim of the hack was a third-party customer service that has not been named.
As for the attack, the incident involved an unauthorized party compromising one of the messaging services' customer service providers, which in turn allowed the hackers access to limited customer data, pertaining to those who had contacted Customer Support and/or Trust & Safety teams. Discord says it revoked the breached service provider's access to its ticketing system. It is investigating the matter with the help of a computer forensics firm, and is working with law enforcement. Users who were impacted by the incident are being notified via an email that is sent from noreply@discord.com
Here's what Discord says the hackers managed to access: Name, Discord username, email and other contact details that were provided to customer support, billing information such as payment type, the last four digits of credit cards, and purchase history of the accounts, IP addresses, messages with customer service agents, and limited corporate data (training materials, internal presentations).
There was something else.
"The unauthorized party also gained access to a small number of government?ID images (e.g., driver’s license, passport) from users who had appealed an age determination. If your ID may have been accessed, that will be specified in the email you receive."
Well, what do we have here?
On July 21st, Discord had published a blog article about compliance with the U.K's Online Safety Act. It said this, "Privacy-protecting process. Discord and k-ID do not permanently store personal identity documents or users’ video selfies. Images of a user's identity documents and ID match selfies are deleted directly after their age group is confirmed, and the video selfie used for facial age estimation never leaves their device."
And yet, Discord now says the hackers stole the Government ID images. How is that possible if the images were deleted upon verification? So, which of the two statements is true. Of course, it's the latter. Isn't this a violation of trust? A breach of their own terms and conditions?
It didn't take long for the breach to happen. This is the price you pay for online age verification, your privacy, and your data.
Thank you for being a Ghacks reader. The post Discord customer service data breached; Government-ID images, and user details stolen appeared first on gHacks Technology News.
0 Commentaires