Discord notifies 70,000 users after third-party data breach exposes government ID images

Discord has confirmed that approximately 70,000 users may have had government-issued identification photos exposed following a data breach involving a third-party customer service vendor. The company disclosed that the incident occurred earlier in October and affected data processed for age verification and support appeals.

Reports on social media initially claimed that over two million images were stolen and used to extort the company. However, Discord spokesperson Nu Wexler clarified to The Verge that these figures were inaccurate.

“First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts,” Wexler said. “Second, the numbers being shared are incorrect and are part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users who may have had government-ID photos exposed, which our vendor used to review age-related appeals.”

Discord confirmed that it has no plans to comply with the extortion attempt. “We will not reward those responsible for their illegal actions,” the spokesperson added.

According to the company, potentially exposed data includes names, usernames, email addresses, IP addresses, and customer support messages. Some limited billing information, such as payment type, the last four digits of credit cards, and purchase history, may also have been accessed.

Discord stated that no passwords, authentication data, or full payment details were affected. The platform immediately revoked the vendor’s access, launched an internal investigation with a digital forensics firm, and notified law enforcement authorities.