Discord reports a security breach through which an unauthorized person could obtain names, email addresses, partial credit card data, and scanned documents of users who contacted customer support. This is reported by UNN with reference to The Verge.
Details
The company claims that "one of Discord's third-party service providers was compromised by an "unauthorized party."
The unauthorized person gained access to "information of a limited number of users who contacted Discord through our customer support and/or trust and safety services" and aimed to "extort a financial ransom from Discord." The unauthorized person "did not gain direct access to Discord."
As stated, the attackers could have gained access to usernames, their nicknames, email addresses, and the last four digits of credit card numbers. As well as to "a small number of photos of government documents of users who disputed their age." At the same time, full card numbers and passwords remained safe, the publication writes.
The company is currently notifying affected users by email.
Discord also reports that it has revoked the support provider's access to the Discord request system, notified data protection authorities, is cooperating with law enforcement, and has reviewed "our threat detection systems and security controls for third-party support providers."