Doesn't seem like they did. From the original article I referenced earlier:
One of Discord’s third-party customer service providers was compromised by an “unauthorized party,” the company says. [...] The unauthorized party “did not gain access to Discord directly.”
The third party company shouldn't ever need to see the IDs, either. Same issue.
When governments do things the wrong way around, like mandating age control before they have a method for doing that in a secure manner, what's a company to do?