Discord data leak: attackers gained access to user information and ID photos
Kyiv • UNN
Discord reports a data leak due to a compromised third-party vendor, which allowed access to names, email addresses, partial credit card data, and photos of documents of users who contacted customer support. The company has revoked the vendor's access, notified data protection authorities, and is cooperating with law enforcement.
Discord reports a security breach through which an unauthorized person could obtain names, email addresses, partial credit card data, and scanned documents of users who contacted customer support. This is reported by UNN with reference to The Verge.
Details
The company claims that "one of Discord's third-party service providers was compromised by an "unauthorized party."
The unauthorized person gained access to "information of a limited number of users who contacted Discord through our customer support and/or trust and safety services" and aimed to "extort a financial ransom from Discord." The unauthorized person "did not gain direct access to Discord."
As stated, the attackers could have gained access to usernames, their nicknames, email addresses, and the last four digits of credit card numbers. As well as to "a small number of photos of government documents of users who disputed their age." At the same time, full card numbers and passwords remained safe, the publication writes.
The company is currently notifying affected users by email.
Discord also reports that it has revoked the support provider's access to the Discord request system, notified data protection authorities, is cooperating with law enforcement, and has reviewed "our threat detection systems and security controls for third-party support providers."