Overview
- Discord’s latest update identifies about 70,000 users whose government‑ID images used in age‑related appeals may have been exposed through a compromised customer support provider.
- Exposed support‑ticket data can include names, Discord usernames, emails, IP addresses, messages with support, and limited billing details, while full credit card numbers, passwords, and general chat logs were not accessed.
- Attackers and some researchers claim a far bigger trove of roughly 1.5 TB and more than 2 million age‑verification photos, but Discord disputes those figures and says they are part of an extortion attempt.
- Discord revoked the vendor’s access, engaged external forensics, notified law enforcement and data‑protection authorities, and is emailing impacted users from [email protected].
- Reporting points to Zendesk as the support platform involved; Zendesk says its own systems were not compromised and that the incident did not stem from a vulnerability in its platform, renewing scrutiny of age‑verification data handled by third parties.