Discord, the popular video game chat platform, has informed users about a data breach that has potentially compromised the personal information required for age verification.

Last week, the company reported that unauthorized individuals accessed one of Discord’s third-party customer service providers, impacting “a limited number of users” who interacted with customer service or the trust and safety teams.

Compromised data could encompass usernames, email addresses, billing details, the last four digits of credit card numbers, IP addresses, and messages exchanged with customer support.

According to Discord, the alleged attackers “gained access to a small number of government ID images (e.g., driver’s licenses, passports, etc.) from users who submitted appeals regarding their age verification.

The affected users were informed as of last week.

“If any ID is accessed, it will be explicitly mentioned in the email you receive,” Discord stated.

The support system was reportedly exploited to retrieve user data in an attempt to extort a financial ransom from Discord, the company clarified.

Discord mentioned that the third-party provider has since revoked access to the ticketing system and has initiated an internal investigation in collaboration with law enforcement.

Users who received the notification indicated that the attack likely occurred on September 20th.

With over 200 million active users each month, Discord continues to grow.

Earlier this year, Discord began verifying user ages in the UK and Australia using facial age verification tools. The company stated that age verification face and ID images are “deleted immediately afterwards,” but according to their website, users can reach out to the trust and safety team for a manual review if verification fails.

Under the upcoming social media ban for users under 16, effective December 10, the Australian government specified that platforms like Discord will have various ways to verify user ages and hopes to address unfavorable decisions swiftly.

As part of the age verification scheme, the platform can request an ID document, though it is not the sole method of age verification available under their policy.

Australia’s Privacy Committee has confirmed that it has been notified of the breach involving Discord.

Discord has been contacted for further comments.