Discord users are reeling in after the platform faced a significant data breach, exposing sensitive information of all. Popular communication platform has confirmed the incident involves a third-party support provider, leading to theft of user data. With some personal details like payment information and IDs now potentially in the wrong hands, the user base is reacting with a wave of concern and anger, with many even openly discussing legal action against Discord.
Discord data breach leads to user outcry and legal threats
The announcement of a data breach has ignited a firestorm of criticism coming from the Discord community. The users have taken over social media to voice their frustration and their sense of betrayal. Some are even calling out Discord for its new ID verification requirement, saying, “what a great company, can’t even protect our personal info. Locks us out our account, and says give me your face and ID then leaks it.”
Many are even questioning the data handling practices of the platform, while threatening legal action. “Who’s ready for the class action?” asked an X user, capturing many users’ mood or rather, frustration.
Another user was quick to echo on to this sentiment, stating, “Time to sue.”
The user’s breach of trust is just palpable. One of them on X posted about the Discord data breach, commenting, “I appreciate the email and the warning, but when I signed up for Discord, I trusted that my data would be handled responsibly.” “Even if my full payment information wasn’t leaked, I consider that my data was handled negligently,” the user added further.
Users question Discord’s intentions to keep their personal data even after verification
For a few, this exposure has been deeply personal. One of them lamented, “My erp with the discord support staff ticket just got leaked it’s over 🥀.”
The disclosure of the government IDs even provoked alarm. A user tweeted, “I’m more surprised discord KEPT YOUR GOVERNMENT ID ON THEIR DATABASES rather than them getting a data breach what the actual f*** man.”
The disclosure of the government IDs even provoked alarm. Many tweeted that they are surprised, Discord kept their databases, even after verification. The confusion over the data retention policies after the age verification was quite a common theme. A user argued, “yes??? why the f*** would they have any need to keep your ID past verifying your age.” The user, with it, tried to point out how the proper age verification services delete sensitive documents immediately, and here, Discord failed.
A few were even annoyed with this whole thing. A user commented, “This is so annoying i hate my ip address being shared at this point i should probaly just buy an wifi router every month to protect myself.”
The complete frustration seen in the comments of the posts mentioning the Discord data breach was palpable. Users felt they had been let down by the service that they so highly rely on. A user even expressed an ultimate level of frustration, putting forward his sentiment succinctly, saying, “‘Billion Dollar Company lol🥀✌️”
What is the scope of the Discord data leak?
If asked, what exactly was stolen, as per reports, the breach didn’t include the main servers. The unauthorized actor compromised a 3rd-party vendor that was used for customer support. The attacker was able to access all tickets that were submitted by the users who previously contacted the support of Discord or the Trust & Safety teams.
The exposed data is quite extensive. It includes names of users, their usernames, IP addresses and also email addresses. The limited billing information, like the last 4 digits of credit card numbers, was even accessed. Quite alarmingly, the breach included a “small number” of the imagers from the government IDs, quite specifically, those who submitted them for appealing age-related account determination.
It’s been stated by Discord that the goal of the attacker was to extort financial ransom. The company has assured that “full credit card numbers/ CCV codes – Messages outside of support tickets – Passwords / Authentication data,” was not a part of this incident. All the impacted users are getting notified through email coming from ‘noreply@discord.com.’ They are being advised to remain vigilant of any phishing attempts or identity theft.
