Discord third-party data leak: users’ personal data compromised
By ForGeeks
One of Discord’s third-party service providers has been hacked, giving attackers access to user data. According to the company, the incident occurred on September 20 and was recently revealed. Among the stolen information were scans of government-issued IDs — driver’s licenses and passports that some users had sent in to prove their age.
It’s important to clarify: Discord itself was not hacked. The only people at risk were those who ever contacted the support team or the Trust & Safety team. This means that the attackers didn’t get access to your private messages, only the data that was shared when you contacted support.
The company has already started sending out notifications to those affected, including those who don’t even have a Discord account but have contacted their services. The letter indicates that the following may have been compromised: real name, username, email address and other contact information, the last four digits of the bank card linked to the account, and IP addresses. If uploaded identities were leaked, users will be notified separately as this increases the risk of identity theft.
So far, users will be notified separately, as this increases the risk of identity theft.
Discord emphasizes, however, that full card numbers, home addresses and passwords were not affected.
After discovering the incident, the company immediately revoked the contractor’s access to its systems and notified law enforcement. Going forward, Discord promises to «regularly audit third-party systems» to ensure they meet internal security standards.
