Following last week’s announcement regarding a security incident involving a third-party customer service provider, we want to address inaccurate claims from officials circulating online. First, as noted in our blog post, this was not a violation of Discord, but rather a third-party service that we use to support our customer service efforts. Second, the numbers shared are incorrect and part of an attempt to extort payment from Discord. Among affected accounts globally, we identified approximately 70,000 users who may have seen exposed government ID photos, which our provider used to review age-related calls. Third, we will not reward those responsible for their illegal actions.
All affected users worldwide have been contacted and we continue to work closely with law enforcement, data protection authorities and external security experts. We secured the affected systems and terminated work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concerns this may cause.