Discord breach exposes 70,000 government IDs: what went wrong and who was affected

Discord has revealed the potential extent of its recent security breach. The company stated in an updated press release that 70,000 members of its platform may have had their government IDs compromised.

The data breach comes after Discord joins a growing number of tech companies that are asking their customers to prove they meet minimum age requirements by providing their driver’s licences or government IDs. Discord implemented a system that involves users providing their selfies when they are reported for being underage on the platform.

According to Discord, the breach occurred through an unnamed third-party service that it uses to support its customer service. Only users who had communicated with the Customer Support or Trust & Safety team are affected. It also stated that only customer data shared with the teams was at risk.

The statement reads in part, “Recently, we discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. The unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.”

Discord has disengaged the vendor’s access to its ticketing system as it continues to investigate the incident in conjunction with law enforcement.

The official release states the following customer data may have been compromised:

• Name, Discord username, email, and other contact details
• Limited billing information, such as payment type, the last four digits of your credit card, and purchase history
• IP addresses
• Messages with customer service agent
• Limited corporate data (training materials, internal presentations)
• A small number of government‑ID images

Discord is contacting impacted users who will receive an email from noreply @ discord.com. The company warns that no phone contact will be made to protect unsuspecting victims.

As more companies try to comply with local legal requirements by asking for IDs to access their services, many users are wondering what they can do to protect themselves from such breaches. Some have opted for VPNs to mask their physical location, but a number of popular websites already restrict IP addresses associated with VPNs.