Discord has confirmed that one of its third-party customer service providers suffered a data breach, exposing the personal details of some users. The incident, which took place on 20 September, involved an unauthorised party gaining access to user information handled by the provider.
The company emphasised that its own systems were not compromised. Only individuals who have previously interacted with Discord’s Customer Support or Trust & Safety teams are potentially affected. This includes users who submitted documents such as driving licences or passports for age verification purposes.
Discord stated that the breach affected a “small number” of government-issued IDs. Messages within the Discord platform remain secure, as the attackers did not gain access to any user chats or internal communications.
Details of the compromised information
Discord has begun notifying affected individuals via email. Those notified include not only registered users but also people who have contacted its support teams without holding an account. According to the company, the stolen data may include names, usernames, email addresses, contact details, IP addresses and the last four digits of any credit card associated with a user’s account.
For those who submitted identity documents, the notification email specifies whether their ID was among the compromised data. These users may face a higher risk of identity theft. However, Discord has confirmed that no full credit card numbers, physical addresses, or passwords were exposed in the incident.
In its communication to affected parties, Discord explained: “The compromised information may include your real name, your username if you have one, your email and other contact details, the last four digits of any credit card associated with your account and your IP addresses.” The company added that it has taken immediate steps to contain the issue.
Response and future security measures
After discovering the breach, Discord acted swiftly to revoke the provider’s access to its systems and to inform law enforcement authorities. The platform is also reviewing its relationships with external partners to prevent similar incidents in the future.
The company stated that it will “frequently audit [its] third-party systems” to ensure they meet its security standards and maintain the integrity of user data. These measures are designed to enhance Discord’s overall cybersecurity framework and safeguard users’ information across all connected systems.
The incident serves as a reminder of the potential risks associated with third-party service providers, particularly when handling sensitive user information. Discord’s response highlights its ongoing commitment to transparency and data protection, though users are encouraged to remain vigilant for any suspicious activity linked to their personal accounts.