Overview
- Discord says approximately 70,000 users who contacted Customer Support or Trust & Safety may have had government ID photos accessed through a third-party process.
- 5CA, the vendor named by Discord, states its systems were not involved, says it was not hacked, and claims it has not handled government-issued IDs for this client.
- 5CA reports preliminary findings pointing to possible human error and says there is no evidence of impact to other clients, with controls under heightened review.
- Hackers who claimed responsibility told BleepingComputer they accessed Discord’s Zendesk account for 58 hours on September 20 using compromised credentials of a third-party support agent.
- Discord maintains its core systems were not breached and is notifying affected users as both companies continue external forensic investigations.