Social media platform Discord on Wednesday confirmed that hackers stole photographs of presidency identification paperwork for 70,000 customers as a part of the latest knowledge breach.
The corporate revealed the incident on October 3, blaming it on a third-party service it makes use of for buyer assist and saying that solely people who interacted with its Buyer Assist or Belief & Security groups had been affected.
“Of the accounts impacted globally, now we have recognized roughly 70,000 customers that will have had government-ID photographs uncovered, which our vendor used to evaluation age-related appeals,” Discord mentioned in an October 8 replace.
The hackers additionally compromised names, Discord usernames, e mail addresses, contact particulars, billing data, IP addresses, messages exchanged with the assist groups, and restricted company knowledge, the corporate has revealed.
Whereas Discord says solely “a small variety of authorities‑ID photographs” had been uncovered within the incident, the hackers declare to have obtained 1.5 terabytes of such knowledge, or 2,185,151 photographs, the menace intelligence and analysis challenge Vx-Underground says.
The information breach was the results of a broader marketing campaign concentrating on the Zendesk software program suite, which occurred over a month in the past, Vx-Underground notes.
“Discord Zendesk falls inside [the] scope of this malicious marketing campaign. Discord confirmed they had been a sufferer of this malicious marketing campaign on their press launch web page after they disclosed their compromise,” Vx-Underground says.
The menace actors accountable for the incident, who haven’t recognized themselves, have supplied proof of compromise to Vx-Underground and different safety researchers and mentioned they had been actively attempting to extort Discord.Commercial. Scroll to proceed studying.
“They’re threatening to launch the stolen knowledge if Discord doesn’t pay them an undisclosed amount of cash. In line with the menace actors, Discord is ignoring them and/or not complying with their calls for,” Vx-Underground says.
Earlier this week, Zendesk advised SecurityWeek that the Discord incident was not the results of a vulnerability in its platform, and that its techniques weren’t compromised.
SecurityWeek has emailed each Discord and Zendesk for statements on the matter and can replace this text if both of the businesses responds.
In Could 2023, Discord disclosed a knowledge breach that arose from the compromise of “a third-party customer support agent’s assist ticket queue”. Whereas the corporate didn’t title the hacked service, experiences on the time advised that it was Zendesk.
Associated: Ransomware Group Claims Assault on Beer Big Asahi
Associated: Hackers Stole Knowledge From Public Security Comms Agency BK Applied sciences
Associated: Consolidate Distributors and Merchandise for Higher Safety
Associated: Mississippi Creates New Cyber Unit, Names 1st Director
