A significant security incident has compromised the personal data of users on the popular communication platform Discord. The breach, which occurred through a third-party service provider, resulted in unauthorized access to sensitive user information.
According to the platform, the attacker targeted its customer support system, potentially exposing data from users who had interacted with support or safety teams. The compromised information includes usernames, email addresses, partial billing details, and correspondence with support staff.
Most critically, the breach involved a limited number of government-issued identification documents, such as driver’s licenses and passports. These were submitted by users appealing age verification decisions. The company has stated it is directly notifying all affected individuals.
The incident, which took place in late September, appears to have been a ransomware attempt. In response, the platform has terminated the third-party provider’s access and initiated an investigation with law enforcement agencies.
This security lapse comes as platforms face increasing regulatory pressure to implement robust age verification systems. Recent policy developments have emphasized that while identification documents can be part of age assurance processes, they cannot serve as the sole method of verification.
The relevant privacy authorities have been notified about the breach. The platform, which serves hundreds of millions of active users monthly, has faced scrutiny over its data protection measures following the incident.
