As we all know, Discord is the ultimate home for countless gaming clans, movie fan servers, content creators, and community-driven groups. So, when such reports surfaced of a massive hack claiming to hold 1.5 terabytes of age verification photos (over 2.1 million user IDs), it sent ripples and goosebumps across the users. Discord officially stated that their third-party support vendor was compromised by the Hackers. However, they also said the claims of hackers are exaggerated because according to their investigation, only 70,000 ID photos were exposed. Yet, this figure is still an estimation and recently even Discord has published an official statement on their Site: "Update on a Security Incident Involving Third-Party Customer Service" acknowledging that an unauthorized party has targeted a third-party vendor used in Discord’s support operations. They even stated the breach didn’t hit its core systems. It's unfortunate that about 70,000 users or more may have had their government ID photos exposed, but Discord calls that a "small number" compared to the claims by hackers.
Additional data that was possibly exposed also includes the names, Discord usernames, email addresses, IP addresses, support messages, and also limited billing info (for example, last four digits of the credit card) but full credit card numbers, passwords, or users’ chat messages outside support weren't exposed. Even though it's not a direct breach of Discord’s main systems, but the users should be alert after such an incident occurred recently.
The 1.5 TB and 2.1 million image numbers make dramatic headlines, but Discord’s own audit suggests a far smaller impact: about 70,000 exposed IDs. Whether or not the hackers’ claims are true, the risk vector is real. It's high time to treat identity documents (driver’s licenses, passports, selfies) as highly sensitive assets, we should only share when it is absolutely required, enable two-factor authentication, use unique strong passwords, and monitor accounts tied to our email. At last, Discord confirms the exposure of identity documents but also states the scale is far lower than hacker claims, because the main systems of the platform were not breached. What do you guys think of this recent data breach in Discord? Let us know your own thoughts in the Comments.