Messaging platform Discord has confirmed that official ID photos and personal details of about 70,000 users may have been leaked following a cyber-attack targeting one of its third-party service providers.
The company, which boasts more than 200 million users worldwide, said the breach occurred through a firm responsible for verifying users’ ages and not through Discord’s own systems.
According to a statement, the exposed data may include personal information, partial credit card details, and messages exchanged with Discord’s customer support agents. However, no full credit card numbers, passwords, or private messages beyond those support conversations were compromised, the firm assured.
Discord said it has contacted all affected users and is working with law enforcement authorities to investigate the incident. It has also revoked access for the customer support provider whose system was targeted. The company did not name the third-party vendor involved.
A representative of Zendesk, one of Discord’s customer service partners, told the BBC that its systems were not breached and that the leak was not caused by any vulnerability within its platform.
Speculation online has suggested that the data breach could be larger than Discord disclosed, but the company dismissed such claims as false and part of an extortion attempt. “We will not reward those responsible for their illegal actions,” a Discord spokesperson said.
Cybersecurity experts note that ID documents and official personal data can be highly lucrative on the dark web, often used for identity theft and fraud.
Discord has strengthened its age-verification policies in recent years amid concerns that some of its servers were being misused to distribute pornographic or extremist content.