A third-party customer support system utilized by Discord’s assistance teams has suffered a security breach, leading to the exposure of certain user personal information, including government identification documents.

On September 20th, Discord notified some users that an unauthorized entity had gained limited access to personal data. This breach included “a small number of government ID images, such as driver’s licenses and passports, from users who had requested a review of their age verification.”

Discord, a platform frequented by millions of gamers worldwide, disclosed that sensitive information shared by users with its Customer Support or Trust and Safety teams might have been compromised. This includes real names, Discord usernames, email addresses, contact details, some payment information—specifically payment types, the last four digits of credit cards, and purchase history—along with IP addresses, as well as messages and attachments sent to customer support. Additionally, some corporate data, like training materials and internal presentations, was also exposed.

Importantly, full credit card numbers or CVV codes, Discord activity, messages, and passwords or authentication information were not believed to be part of the breach. However, Discord has not specified the number of users affected among its vast user base.

In a blog update, Discord clarified that only “a limited number of users who had interacted with customer support” were impacted and emphasized that the unauthorized party did not breach Discord’s systems directly. They assured users that they had taken “appropriate measures” by informing data protection authorities and law enforcement while also reviewing their security controls and threat detection systems for third-party support services.

Looking forward, Discord advised affected users to remain vigilant against potentially suspicious messages or communications. They have service agents available to address inquiries and provide further assistance. “We are committed to safeguarding your personal information and understand the concerns and inconveniences this incident may cause,” Discord stated.

Lastly, the initial wording of this incident as “authorized” has been corrected to “unauthorized”, and we apologize for any confusion this may have caused.