Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 12 submissions in the queue.

Discord Customer Service Data Breached; Government-ID Images, and User Details Stolen

posted by hubie on Sunday October 12 2025, @06:37AM   Printer-friendly
from the laughing-in-IRC dept.
Security

An Anonymous Coward writes:

Discord has revealed that one of its customer service providers has suffered a data breach. The attackers gained access to Government-ID images, and user details.

Discord doesn't actually mention when the breach took place, it only says it "recently discovered an incident". The fact that Government ID images were stolen is important, the U.K.'s Online Safety Act came into effect on July 25, 2025. So, that means the data breach happened sometime between then and October 3rd, when the news about the incident was revealed. It's also worth noting that the victim of the hack was a third-party customer service that has not been named.

As for the attack, the incident involved an unauthorized party compromising one of the messaging services' customer service providers, which in turn allowed the hackers access to limited customer data, pertaining to those who had contacted Customer Support and/or Trust & Safety teams. Discord says it revoked the breached service provider's access to its ticketing system. It is investigating the matter with the help of a computer forensics firm, and is working with law enforcement. Users who were impacted by the incident are being notified via an email that is sent from [email protected]

Here's what Discord says the hackers managed to access: Name, Discord username, email and other contact details that were provided to customer support, billing information such as payment type, the last four digits of credit cards, and purchase history of the accounts, IP addresses, messages with customer service agents, and limited corporate data (training materials, internal presentations).

There was something else.

"The unauthorized party also gained access to a small number of government?ID images (e.g., driver's license, passport) from users who had appealed an age determination. If your ID may have been accessed, that will be specified in the email you receive."

The story continues:

https://www.ghacks.net/2025/10/06/discord-customer-service-data-breached-government-id-images-and-user-details-stolen/

Original Submission

Related Stories

Privacy Is Not a Price You Pay for Growth 6 comments

canopic jug writes:

Privacy is prerequisite for free thought, dissent, experimentation, and innovation, which are in turn prerequisites for democracy. At NBTV, Naomi Brockwell has posted four reasons why limits on privacy are absolutely not a price worth paying for mainstream adoption.

Today I participated in a Privacy Salon in Denver where we debated a proposition that cuts to the core of the modern privacy movement:

"Limits on privacy are a price worth paying for mainstream adoption of cryptographic privacy."

I was on the "no" side alongside Matt Green, with Evin McMullen and Wei Dai arguing "yes."

It was a lively, thoughtful exchange that forced us to confront a deeper question: is weakening privacy simply the cost of scale?

Below is my opening statement from the debate.

The false argument about having nothing to hide does not hold water. As Ed Snowden observed years ago, "arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say."

Previously:
(2026) Ring Cancels Flock Deal After Dystopian Super Bowl Ad Prompts Mass Outrage
(2026) Discord Will Require a Face Scan or ID for Full Access Next Month
(2026) "ICE Out of Our Faces Act" Would Ban ICE and CBP Use of Facial Recognition
(2025) Big Tech Wants Direct Access to Our Brains
(2025) Discord Customer Service Data Breached; Government-ID Images, and User Details Stolen
(2025) A Surveillance Vendor Was Caught Exploiting a New SS7 Attack to Track People's Phone Locations
... and many more

Original Submission

This discussion was created by hubie (1068) for logged-in users only, but now has been archived. No new comments can be posted.
Discord Customer Service Data Breached; Government-ID Images, and User Details Stolen | Log In/Create an Account | Top | 8 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)

  • (Score: 4, Interesting) by Ox0000 on Sunday October 12 2025, @08:09AM

    by Ox0000 (5111) on Sunday October 12 2025, @08:09AM (#1420455)

    Meh, just another day, just another breach...
    F'all will change because it's not the company's data that was breached, it's the data for its cattle products marks damnit, I mean 'valued community members'.

    Here's the corporate communications playbook for how these kinds of events typically play out:

    1. Ignore or deny everything
    2. There was a thing that happened but don't worry, your data is safe
    3. Your privacy is important to us and we apply industry best-practices
    4. They may have gotten access to some things that are not important
    5. They got deeper than we said they did earlier
    6. They actually got stuff that relates directly to your privacy, we are so sorry (that we have to tell you this, not that it happened)
    7. Also, did we tell you it was not our fault but some contractor who we are very happy to throw under the bus
    8. They got into the inner sanctum and they got to everything and anything, but fear not, here is two years of credit monitoring
    9. That news article by that reporter explaining how our security was pretty much non-existent... don't believe them... because, it's embarrassing to us

    Now regardless of this particular breach, and I'm in no way intending to downplay the effects that this breach will have on those affected by it; I have a genuine question: why are gov issued IDs sensitive?
    I have a hard time believing that it's because of the inherent data on them. This leads me to believe that it's sensitive because of how companies - specifically companies, not govs (govs are different) - are dealing with the data on those documents. It seems similar to me as how SSNs have become de-facto passwords in the US even though the SSA explicitly instructs that "SSNs should not be used as identifiers" on their web site.

    To me, the problem is not the data on these documents or even the document itself, it's that the data on these documents is used as "some secret that will get you access to other data, money, or services".
    The problem seems to reside in the usage of the data on these documents.

  • (Score: 3, Informative) by turgid on Sunday October 12 2025, @10:17AM (6 children)

    by turgid (4318) Subscriber Badge on Sunday October 12 2025, @10:17AM (#1420466) Journal

    They seem determined to give us this Digital ID single point of failure. Push back [bigbrotherwatch.org.uk].

    I signed a petition, which was very popular. In the email reply, the TL;DR was essentially, "You're getting it whether you like it or not. Suck it up."

    Push back more.

(1)