Discord says 70,000 users had government IDs exposed in third-party breach
About 70,000 users of the social media platform Discord had their government IDs stolen, the company said Wednesday evening.
Discord disclosed the breach last week, saying that hackers stole information about users who had communicated with their customer support or trust and safety teams.
In a statement to Recorded Future News, a Discord spokesperson sought to address recent claims made by the hackers behind the breach.
“The numbers being shared are incorrect and part of an attempt to extort a payment from Discord,” they said. “Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals.”.
They reiterated that the breach did not involve a direct attack on Discord but instead involved an unnamed third-party customer service provider used for customer support functions.
The spokesperson said all of those impacted have been contacted and Discord is currently working with law enforcement, cybersecurity experts and data protection authorities in the aftermath of the incident.
“We've secured the affected systems and ended work with the compromised vendor,” the spokesperson added. “We will not reward those responsible for their illegal actions.”
The comments from Discord follow reports from the prominent cybersecurity social media account vx-underground that the hackers behind the incident claimed to have stolen 1.5 terabytes of age verification-related photos, including more than 2 million images. The hackers have since disputed Discord’s claims that about 70,000 users were affected.
Discord previously said the stolen data includes names, Discord usernames, emails, IP addresses and messages that were exchanged with customer service agents. The hackers also accessed billing information that ranged from the last four digits of a credit card to a user's purchase history. Training materials and internal presentations were also stolen by the cybercriminals.
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.