Just Realized


Discord customer service data breach leaks user info and scanned photo IDs

Discord suffered a data breach through one of its third-party customer service providers. An unauthorized party compromised the provider and gained access to information from users who had contacted Discord's Customer Support and Trust & Safety teams. The attackers attempted to extort a financial ransom from Discord.

The breach exposed names, usernames, emails, and the last four digits of credit card numbers. More concerning, the attackers accessed a "small number" of images of government-issued IDs from users who had appealed age determinations. Full credit card numbers and passwords weren't compromised.

Discord is emailing impacted users now. If your government ID might have been accessed, the email will specifically call that out.

The company says the unauthorized party "did not gain access to Discord directly"—the breach happened at the third-party support provider level. Discord has revoked the provider's access to its ticketing system, notified data protection authorities, and is working with law enforcement. The company also reviewed "our threat detection systems and security controls for third-party support providers."

This breach hits differently than your typical username-and-email leak. Government-issued IDs are permanent—you can't just change your driver's license number like you'd rotate a password. When that data gets out, it stays out, and it can be used for identity theft, synthetic identity fraud, or sold on dark web marketplaces.

The "small number" qualifier doesn't make it better. If your scanned ID is in that small number, you're dealing with the full impact of the breach regardless of how many other people got hit.

Discord's reliance on third-party customer service providers created this vulnerability. That's not unique to Discord—lots of companies outsource support operations—but it's a reminder that your data security is only as strong as the weakest link in the vendor chain. When you hand over a government ID to verify your age on a platform, you're trusting not just that platform, but every third-party service provider they use.

The extortion attempt suggests this was a targeted attack, not just opportunistic access. Attackers who go after customer service databases know exactly what they're looking for—verified identity data that's worth real money.

If you've ever contacted Discord support or appealed an age determination, watch for that email and take it seriously. Consider placing a fraud alert on your credit reports if your ID was compromised.

Source: The Verge
