Discord: “ID photos of 70K users may have been exposed”

Chat platform Discord suspects that identity documents of approximately 70,000 users have been leaked.

“Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals,” Discord says in an updated statement.

Earlier this week, Discord disclosed a data breach at a third-party that’s being used for customer service.

The threat actor managed to steal personal and sensitive information of a “limited number of users,” including full names, usernames, email addresses, other contact details provided to customer service, the last four digits of credit card numbers, IP addresses, messages with Discord’s customer service agents, and corporate data such as internal presentations.

“Looking ahead, we recommend impacted users stay alert when receiving messages or other communication that may seem suspicious. We have service agents on hand to answer questions and provide additional support,” Discord said in a press release.

Although not confirmed, according to vx-underground, the third-party company that Discord has mentioned is Zendesk, an American company that provides Software-as-a-Service (SaaS) products related to customer support and sales.

He claims that the attackers were able to get hold of 1.5TB of age-verification-related photos, which comes down to 2,185,151 photos.

“2.1 million Discord users’ driver’s licenses and/or passports might be leaked. Unknown number of e-mails,” vx-underground claims, but this has yet to be officially confirmed by Discord.

In an increasing number of countries, age verification has been made mandatory by the authorities. Therefore, Discord launched an experiment using facial recognition technology to estimate a user’s age last month.

Users who didn’t agree with the outcome of the automated age verification process had to send a photo of their ID to customer service. This group appears to be the victim of ID leaks.