Alerts
Discord blamed a vendor for its data breach — now the vendor says it was ‘not hacked,’ creating confusion over what really happened. The incident, which allegedly exposed 70,000 government ID photos, is now at the center of a growing dispute between Discord and its customer service provider, 5CA.
According to Discord, the breach affected a limited number of users who interacted with its Customer Support or Trust & Safety teams. The company stated that around 70,000 global users might have had government ID photos exposed. These IDs were reportedly used to verify age-related appeals.
Discord emphasized that “this was not a breach of Discord, but rather a breach of a third-party service provider, 5CA.” The company assured users that its internal systems remain secure and that it has taken measures to strengthen data protection processes.
5CA, the customer support vendor named by Discord, has pushed back against those claims. In a public statement, 5CA firmly denied any system compromise, saying, “None of 5CA’s systems were involved, and 5CA has not handled any government-issued IDs for this client.”
The company further noted that all its platforms remain secure, with data continuing to be protected under strict encryption and monitoring systems. 5CA has launched an ongoing forensic investigation in collaboration with Discord, cybersecurity experts, and ethical hackers.
While denying a direct hack, 5CA suggested that human error may have contributed to the incident. According to its statement, “Our preliminary information suggests the incident may have resulted from human error, the extent of which is still under investigation.”
The company added that no other clients or systems were affected and that access controls and encryption remain fully operational. As a precaution, all security measures are now under heightened review.
Discord’s initial statement claimed that 5CA used government ID photos for reviewing age appeals, but 5CA disputes this, saying it never handled any such sensitive data for Discord. This contradiction leaves users wondering who actually had custody of the ID photos that may have leaked.
Both companies have remained tight-lipped on further details. Discord has yet to clarify whether another vendor might have been involved, while 5CA has promised to share verified findings once its investigation concludes.
The dispute between Discord and 5CA highlights a broader issue of accountability when outsourcing sensitive user data to third-party vendors. Cybersecurity experts warn that even if a company isn’t directly breached, insufficient oversight of external partners can lead to major privacy risks.
Users are now demanding transparency. Both Discord and 5CA face pressure to clarify who was responsible and how government ID data ended up exposed.
If you’ve interacted with Discord’s Customer Support or Trust & Safety teams, it’s wise to monitor your accounts and emails for unusual activity. While Discord insists the breach did not impact its internal systems, the uncertainty surrounding the vendor’s role means users should stay cautious.
The case also serves as a reminder for companies to vet third-party vendors carefully — ensuring data handling responsibilities are clear and that security standards align with user trust expectations.
Discord blamed a vendor for its data breach — now the vendor says it was ‘not hacked.’ The conflicting statements from both companies reveal how complicated modern cybersecurity incidents can be when multiple service providers are involved.
Until official findings are released, the situation remains murky — and users are left waiting for answers about where their data really went.
Access our platform effortlessly on-the-go through our user-friendly mobile apps.
𝗦𝗲𝗺𝗮𝘀𝗼𝗰𝗶𝗮𝗹 𝗶𝘀 𝘄𝗵𝗲𝗿𝗲 𝗿𝗲𝗮𝗹 𝗽𝗲𝗼𝗽𝗹𝗲 𝗰𝗼𝗻𝗻𝗲𝗰𝘁, 𝗴𝗿𝗼𝘄, 𝗮𝗻𝗱 𝗯𝗲𝗹𝗼𝗻𝗴. We’re more than just a social platform — from jobs and blogs to events and daily chats, we bring people and ideas together in one simple, meaningful space.
