Social media platform Discord on Wednesday confirmed that hackers stole pictures of presidency identification paperwork for 70,000 customers as a part of the current data breach.
The corporate revealed the incident on October 3, blaming it on a third-party service it makes use of for buyer assist and saying that solely people who interacted with its Buyer Help or Belief & Security groups have been affected.
“Of the accounts impacted globally, we’ve got recognized roughly 70,000 customers which will have had government-ID pictures uncovered, which our vendor used to overview age-related appeals,” Discord mentioned in an October 8 replace.
The hackers additionally compromised names, Discord usernames, e mail addresses, contact particulars, billing data, IP addresses, messages exchanged with the assist groups, and restricted company information, the corporate has revealed.
Whereas Discord says solely “a small variety of authorities‑ID photographs” have been uncovered within the incident, the hackers declare to have obtained 1.5 terabytes of such information, or 2,185,151 pictures, the menace intelligence and analysis mission Vx-Underground says.
The data breach was the results of a broader marketing campaign concentrating on the Zendesk software program suite, which occurred over a month in the past, Vx-Underground notes.
“Discord Zendesk falls inside [the] scope of this malicious marketing campaign. Discord confirmed they have been a sufferer of this malicious marketing campaign on their press launch web page after they disclosed their compromise,” Vx-Underground says.
The menace actors answerable for the incident, who haven’t recognized themselves, have offered proof of compromise to Vx-Underground and different security researchers and mentioned they have been actively attempting to extort Discord.
“They’re threatening to launch the stolen information if Discord doesn’t pay them an undisclosed amount of cash. Based on the menace actors, Discord is ignoring them and/or not complying with their calls for,” Vx-Underground says.
Earlier this week, Zendesk advised information.killnetswitch that the Discord incident was not the results of a vulnerability in its platform, and that its programs weren’t compromised.
information.killnetswitch has emailed each Discord and Zendesk for statements on the matter and can replace this text if both of the businesses responds.
In Could 2023, Discord disclosed a data breach that arose from the compromise of “a third-party customer support agent’s assist ticket queue”. Whereas the corporate didn’t title the hacked service, reviews on the time advised that it was Zendesk.
