Discord user data leaked after breach at customer service partner: Here’s what was exposed
Communication platform Discord has confirmed that its user data was compromised during a third-party customer service hack. The platform, with over 200 million users, allows its customers to send free text, voice, and video messages in private chats or through private communities called ‘servers’.
Discord confirmed that the hack impacted a ‘limited number’ of users who had communicated with the company’s customer support team. The hackers did not directly access Discord but got the data via one of the company’s third-party customer service providers.
The platform says that the hack was conducted in order to gain access to user data and extort a financial ransom from Discord.
“Recently, we discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. The unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams,” Discord said in the blog post.
“As soon as we became aware of this attack, we took immediate steps to address the situation. This included revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement,” the company added.
What data was compromised by the Discord hack?
Discord says the impacted data was related to the customer service system, which could include: Name, Discord username, email, and other contact details if provided to Discord customer support.
Moreover, ‘limited billing information’ like payment type, the last four digits of the user’s credit card, and purchase history, along with the user’s IP address, messages with customer service agents, and limited corporate data like training material and internal presentations may also have been compromised.
The company also notes that hackers may also have “gained access to a small number of government-ID images (e.g., driver’s license, passport) from users who had appealed an age determination.”
Discord assures users that their full credit card numbers and CVV, password, authentication data, and messages or activity on Discord beyond what may have been discussed with customer support are secure.
The company says it has notified the relevant data protection authorities and proactively engaged with law enforcement to investigate the attack. It has also begun sending emails to the affected users to notify them about the attack.
