
After confirming a data breach earlier in the month, Discord has now said that around 70,000 users may have had their government ID photos exposed. The photos were used by its third-party vendor to review age-related appeals. The platform, which has over 200 million users globally, had earlier said that a ‘limited number’ of users who had communicated with the company’s customer support team were affected by the data leak.
The company also says that hackers did not access Discord directly but got access to the user data via one of the company’s third-party customer service providers.
“Recently, we discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. The unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams,” the company said in a blog post.
“As soon as we became aware of this attack, we took immediate steps to address the situation. This included revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement,” it added.
Discord did not name the third-party customer service provider but said in the blog post that the provider’s access to the company’s ticketing system has been revoked and that it is continuing to investigate the matter.
The company says that it has informed the data protection authorities and engaged with law enforcement officials to investigate the attack. It is also emailing the users impacted by the attack.
The company advises users to stay alert when ‘receiving messages or other communication that may seem suspicious’.
What data was compromised in the attack?
Discord says the impacted data was related to the customer service system, which could include: Name, Discord username, email, and other contact details if provided to Discord customer support.
Moreover, ‘limited billing information’ like payment type, the last four digits of the user’s credit card, and purchase history, along with the user’s IP address, messages with customer service agents, and limited corporate data like training material and internal presentations may also have been compromised.
The company also notes that hackers may have “gained access to a small number of government-ID images (e.g., driver’s license, passport) from users who had appealed an age determination.”
Discord assures users that their full credit card numbers and CVV, password, authentication data, and messages or activity on Discord beyond what may have been discussed with customer support are secure.