One of Discord’s third-party customer service providers was compromised by an “unauthorized party,” the company says. The unauthorized party gained access to “information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams” and aimed to “extort a financial ransom from Discord.” The unauthorized party “did not gain access to Discord directly.”
Data potentially accessed by the hack includes things like names, usernames, emails, and the last four digits of credit card numbers. The unauthorized party also accessed a “small number” of images of government IDs from “users who had appealed an age determination.” Full credit card numbers and passwords were not impacted by the breach, Discord says.
The company is notifying impacted users now over email. If your ID might have been accessed, Discord will specify that. Discord also says it revoked the support provider’s access to Discord’s ticketing system, has notified data protection authorities, is working with law enforcement, and has reviewed “our threat detection systems and security controls for third-party support providers.”
Read the full article here
