Discord Inc., the internet company behind the massively successful instant messaging and VoIP social platform, has informed the authorities of a data breach that impacts the personal information of a small number of people.
In the notice sent to impacted individuals on August 21, 2023, Discord informs that a third-party customer service that handles certain Discord user requests suffered a limited-scope data breach on March 29, 2023, when hackers breached an agent account.
Upon learning of the incident, Discord took immediate action to deactivate the compromised agent account and conduct an investigation to evaluate what data had been compromised. On June 13, 2023, Discord determined that a small number of individuals who used the third-party services had driver’s licenses and state identification card scans exposed.
This appears to be a data breach relating to some form of a verification process that a small number of users have to go through on Discord. Bot makers are expected to verify their bots when their reach is significant, but it is unclear if the exposure concerns this subcategory. Moreover, some Discord users have previously reported that specific 18+ channels have requested them to produce scans of ID or driver’s license to verify they’re adults.
In response to the situation, Discord has implemented additional security measures to prevent similar incidents from occurring in the future. At the same time, the internet company has also enclosed instructions on how to enroll in credit monitoring and identity protection services through IDX in the letters.
Discord community under fire
Just last week, Discord.io, a third-party service that allows Discord users to create custom invites to Discord channels, announced it had suffered a major data breach, exposing a wide range of sensitive information of its members, including usernames, billing addresses, encrypted passwords, and email addresses associated with the accounts.
This confirmation of a data breach came after a threat actor listed the data of 760,000 Discord.io on a hacker forum, noting that the breached database was still accessible. The platform decided to temporarily take down the site to probe the origins of the breach and bolster its security measures, a process that is still ongoing.