Social media platform Discord says hackers stole customers’ private info from one in every of its third-party customer support suppliers.
The incident, the corporate says, solely impacts customers who contacted Discord by its “Buyer Help and/or Belief & Security groups”, and was restricted to the third-party supplier, with no Discord techniques affected.
The compromised consumer info contains names, usernames, electronic mail addresses, contact info, billing info, IP addresses, messages exchanged with customer support brokers, and restricted company information.
For customers who appealed age willpower, authorities ID photographs have been additionally compromised, Discord notes.
The platform says no monetary info, Discord exercise and messages, or passwords and different authentication information was compromised within the incident.
Discord has began notifying the affected customers by way of electronic mail, has notified the related authorities, reviewed its risk detection techniques, and took steps to handle the data breach.
“This included revoking the client assist supplier’s entry to our ticketing system, launching an inner investigation, partaking a number one laptop forensics agency to assist our investigation and remediation efforts, and fascinating regulation enforcement,” the corporate explains.
Discord is advising the affected customers to be cautious of unsolicited messages or different communication that will appear suspicious.
The corporate has not shared particulars on when the incident occurred, which third-party service was concerned, and what number of customers have been affected. The corporate has over 200 million lively month-to-month customers.
Menace intelligence and analysis undertaking Vx-Underground says the data breach occurred on September 20.
Some studies hyperlink the incident to the current Salesforce extortion marketing campaign attributed to the Scattered LAPSUS$ Hunters risk group, however Vx-Underground, which described the incident as a Discord Zendesk compromise, stated Scattered LAPSUS$ Hunters just isn’t behind the assault. As an alternative it’s a bunch that “doesn’t have an attributed Menace Group identify”.
information.killnetswitch has emailed Discord for extra info on the incident and can replace this text if the corporate responds.
