Discord confirms government ID photos of users were stolen by hackers

Discord has responded to the recent reports that an unauthorized party stole 1.5 terabytes worth of age verification images from a third-party customer service provider. The claims were that the group responsible for the hack stole 2 million images of Discord users.

2

Discord has responded to these reports, with a spokesperson informing Insider Gaming that 2 million age verification images isn't an accurate figure, and that Discord has identified around 70,000 users "that may have had government-ID photos exposed, which our vendor used to review age-related appeals."

Discord also notes that this hack was not a breach of Discord itself, but a breach of a third-party customer service provider that has since been severed from Discord's ticketing process.

The blog post also states that Discord will not be rewarding those responsible for their illegal actions, which refers to previous reports that claimed the group responsible for the hack was using the purported 1.5TB of data as a means of financial extortion against Discord. The hack took place in late September, and Discord confirmed the event occurred on October 3.

The online communication platform stated that information such as Discord usernames, email addresses, IP addresses, and "limited" personal information was accessed by the unauthorized third party.

"Following last week's announcement about a security incident involving a third-party customer service provider, we want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord.

Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions.

All affected users globally have been contacted and we continue to work closely with law enforcement, data protection authorities, and external security experts. We've secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause," wrote Discord to Insider Gaming