Discord has disclosed that approximately 70,000 users may have had their government-issued ID photos exposed in a recent data breach. The breach stemmed from a vulnerability in a third-party provider (Zendesk) used by Discord’s support team, particularly in relation to age verification and appeals. Besides the ID photos, related data like usernames, emails, IP addresses, and portions of credit card information (last 4 digits) may have been exposed.
Discord responded by cutting ties with the compromised vendor, alerting those affected, and working with law enforcement and cybersecurity experts to contain damage. The Verge+1 This incident underlines the increasing vulnerability that arises when sensitive personal data is handled by third parties, especially in verification processes. It shows the necessity of strong vendor risk management, zero-trust policies, and secure processes even when operations are outsourced.
