Discord has reported a significant security incident where the personal data of approximately 70,000 users, including government-issued ID photos, may have been compromised due to a cyberattack targeting a third-party customer service provider. The breach was discovered in late September and is linked to unauthorized access to data used for age verification, although Discord emphasized that its own systems were not breached. The company has engaged with law enforcement and data protection authorities and has revoked access from the affected vendor. While hackers claim to have accessed data from 5.5 million users, including substantial ticket transcripts and attachments, Discord disputes this, maintaining that the figures are exaggerated as part of an extortion attempt. They have stated that they will not pay the ransom demanded by the attackers, who initially sought $5 million but later reduced their demand to $3.5 million. This incident underscores the vulnerabilities inherent in outsourcing customer service operations, as attackers increasingly target third-party vendors to infiltrate larger organizations. The breach raises critical concerns regarding data security, the integrity of outsourced services, and the ongoing threat posed to user privacy in an era where personal information is highly commodified on the black market. As companies like Discord navigate these challenges, the incident highlights the necessity for robust cybersecurity measures and the importance of transparency in communicating with users about potential risks.