Government ID photos of approximately 70,000 Discord users worldwide may have been exposed after hackers breached a third-party age verification contractor. The attacker also potentially accessed names, email addresses, IP addresses, and customer service messages, though no full credit card details or passwords were stolen.
Discord disclosed the breach last week, but the scale of ID photo exposure emerged on Wednesday. The UK's Information Commissioner's Office (ICO) confirmed it had received a report from Discord and is assessing the information. The compromised data came from users who submitted ID photos to verify their age after being locked out of the platform.
Discord stated that an unauthorised party compromised one of its third-party customer service providers, gaining access to data from users who contacted support for age-related appeals. The company identified about 70,000 accounts globally where government ID photos may have been exposed.
Cybersecurity experts warn that age verification providers are becoming prime targets for hackers due to the sensitive data they hold. Nathan Webb of Acumen Cyber called the breach 'very concerning', noting that businesses remain accountable for data protection even when outsourcing processes.
