MESSAGING PLATFORM DISCORD has said that around 70,000 users may have had their government-ID photos leaked after an age verification firm it used was hacked.

Discord is an instant messaging platform that is popular with gamers.

In a post on Discord’s website, the platform said it recently discovered that a third-party firm it used to review age verification checks was hacked.

A spokesperson for Discord said the hacker targeted a third-party customer support service to access user data, “with a view to extort a financial ransom from Discord”.

Discord noted that this was not a breach of Discord itself, but rather of the third-party age verification firm.

Discord added that the hack has impacted a “limited number of users who had communicated with our Customer Support or Trust & Safety teams”.

Of all the accounts impacted globally by the hack, Discord said it has identified around 70,000 users that may have had their government-ID photos leaked.

These photos would have been provided by users making age-related appeals to Discord’s customer services contractor in cases where they may have been locked out of the platform.

Other data that may also have been taken includes users names, Discord usernames, emails, and any other contact details provided to Discord customer support.

The hacker may also have access to some limited billing information such as payment type, the last four digits of credit cards.

Discord added that “no messages or activities were accessed beyond what users may have discussed with Customer Support or Trust & Safety agents”.

Meanwhile, Discord said that full credit card numbers or CCV codes were not seized in the hack, nor were messages or activity on Discord beyond what users may have discussed with customer support.

Passwords or authentication data were also unaffected.

Discord said it “immediately revoked the customer support provider’s access” after it discovered the issue and that it is “working closely with law enforcement to investigate this matter”.

Discord has also launched an internal investigation and said it is “engaging a leading computer forensics firm to support our investigation and remediation efforts”.

It is also in the process of emailing the impacted users, who will be contact from you will noreply@discord.com

Users will be made aware if their ID has been accessed if they receive an email.

The Ireland server on Discord has close to 3,300 members.

Discord said that it will “continue to frequently audit our third-party systems to ensure they meet our security and privacy standards”.

A spokesperson added that it has notified relevant data protection authorities, proactively engaged with law enforcement to investigate this attack, and reviewed threat detection systems and security controls for third-party support providers.

Discord has also recommended that impacted users “stay alert when receiving messages or other communication that may seem suspicious”.