Discord has revealed that one of its third-party customer service providers has been compromised in a recent data breach by an unnamed group, raising serious concerns about safety and security.
However, the company defended its platform, saying that the said unauthorized party did not gain direct access to Discord and its servers.
Discord's Third-Party Customer Service Now Compromised
Discord has shared an update regarding their recent reporting of a data breach involving one of its third-party customer service providers, which remains nameless. The company only referred to the threat actors as an "unauthorized party" who gained access to information and data of a limited number of Discord users.
These users were those who had contacted customer service before through the Customer Support channel and the Trust & Safety teams on the platform. Upon learning of this attack, Discord said that it immediately revoked the third-party customer service provider's access to its ticketing system to mitigate the breach.
According to Discord, it has immediately dealt with the issue by launching an investigation, working with a computer forensics firm to help with their probe, looking towards "remediation efforts," and also working with law enforcement.
The company is now in the process of contacting the user accounts whose data and information were compromised by this attack.
Leaked User Info, Photo IDs in Discord Data Breach
Discord's latest update also shared specifics on which data were compromised in the said attack, with information like usernames, emails, and the last four digits of their credit card numbers included. The company also revealed that the threat actors were able to obtain information like IP addresses, messages with their customer service agents, and limited corporate data.
According to The Verge, Discord assures the public that full credit card numbers, passwords, and other sensitive information were not accessed by the unauthorized party.
That said, Discord also shared that a small number of government IDs with the users' photos were also accessed by the threat actors.
Discord also reported that the unauthorized party has been extorting the company for financial ransom for the said data they have on hand.
For now, the company said that it will continue to work with law enforcement officials to investigate the attack and catch the perpetrators. Additionally, the company will also review its threat detection systems as well as the security controls placed for its third-party support providers.
Discord also shares a warning for users to be on the lookout for suspicious messages that they may receive on the platform and to immediately ask for assistance from their service agents for additional support.
ⓒ 2025 TECHTIMES.com All rights reserved. Do not reproduce without permission.
