Third-Party Vendor Breach

To begin with, hackers targeted a third-party company hired by Discord to perform age verification checks. As a result, the government ID photos of nearly 70,000 users worldwide may have been exposed.

Data Potentially Stolen

In addition to ID photos, attackers may also have accessed users’ names, email addresses, contact details, IP addresses, and chats with Discord’s support team. However, it is important to note that no full credit card details or passwords were taken. Meanwhile, reports suggest the hackers are attempting to extort a ransom from the company.

 

 

Breach Disclosure

Furthermore, although the breach was first revealed last week, the true scale—about 70,000 compromised ID photos—came to light on Wednesday. The UK’s Information Commissioner’s Office (ICO) has since confirmed receiving a report from Discord and is currently reviewing the case.

How the Photos Were Collected

Moreover, the stolen ID photos came from users who had submitted documents to appeal age-related account lockouts. Since July, under the UK’s Online Safety Act, age verification has been mandatory for social media and messaging platforms. Consequently, experts warn that verification providers are becoming prime targets for cybercriminals due to the large volumes of sensitive data involved.

Also Read This- What’s Different in WhatsApp’s Latest iOS Update?

Also Read This- New Sora App Update Lets Users Manage Likeness and Characters

Discord’s Response

In response, Discord admitted that the breach occurred through one of its third-party customer service vendors. The company acknowledged that approximately 70,000 accounts may have been affected, with both government ID photos and Discord usernames exposed.

Expert Warning

Finally, cybersecurity expert Nathan Webb of UK-based Acumen Cyber described the incident as “very serious.” He emphasized: “Even if companies outsource services, they are still responsible for protecting data and maintaining strong security standards.”