Communications platform Discord has admitted that there has been a data breach.
In a blog post, the company wrote someone managed to get their hands on some user data via a third-party customer support service. They appear to have made off with user name, usernames, emails and other contact details that had been given to Discord's customer support team. Some payment information is also in the breach, along with IP addresses, messages with customer support and some corporate data.
More troubling is that "a small number" of government ID images are in the breach; users who appealed an age verification are impacted by this.
Discord has notified data protection authorities, engaged with law enforcement and looked at its own threat detection and security protocols.
There's no word as to what kind of malicious actor accessed this information.
"Recently, we discovered an incident where an unauthorised party compromised one of Discord’s third-party customer service providers," the company wrote.
"The unauthorised party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.
"As soon as we became aware of this attack, we took immediate steps to address the situation. This included revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement."











