Discord has disclosed a recent security incident involving one of its third-party customer service vendors. While Discord’s core platform remains unaffected, the breach exposed user data from a limited number of individuals who had previously contacted the company’s Customer Support or Trust & Safety teams.
According to Discord’s official statement, the attacker did not breach Discord’s own infrastructure but instead compromised a support partner’s systems. The intent, reportedly, was to extort Discord for ransom using the stolen data. Once alerted to the intrusion, Discord acted swiftly to revoke the vendor’s access to its systems, launch an internal investigation, and bring in external cybersecurity experts. The company is also working closely with law enforcement agencies.
The exposed information is tied to Discord’s customer support system and may include:
- Name, Discord username, email, and other contact details (if shared with support)
- Limited billing details (such as payment method and last four digits of a credit card)
- IP addresses
- Message history with Discord support agents
- A small number of government-issued ID images (submitted during age verification appeals)
- Internal corporate training materials and presentations
It was confirmed that no full credit card numbers, CVV codes, user passwords, authentication credentials, or messages outside of support interactions were accessed.
Discord has committed to strengthening oversight of vendors, auditing security practices more frequently, and continuing to prioritize user privacy.
Impacted users are being notified directly via email from their official [email protected] address. They emphasized that they will not reach out via phone, and users should stay alert for phishing attempts or unfamiliar communications in the wake of the breach.
This incident highlights the growing risk surface introduced by third-party service providers, even for companies with robust internal security.
For additional information and support channgels, visit their official statement post here.
Leave a Reply