Social media platform Discord says hackers stole customers’ private info from one among its third-party customer support suppliers.
The incident, the corporate says, solely impacts customers who contacted Discord by means of its “Buyer Assist and/or Belief & Security groups”, and was restricted to the third-party supplier, with no Discord techniques affected.
The compromised consumer info consists of names, usernames, electronic mail addresses, contact info, billing info, IP addresses, messages exchanged with customer support brokers, and restricted company information.
For customers who appealed age willpower, authorities ID pictures had been additionally compromised, Discord notes.
The platform says no monetary info, Discord exercise and messages, or passwords and different authentication information was compromised within the incident.
Discord has began notifying the affected customers through electronic mail, has notified the related authorities, reviewed its menace detection techniques, and took steps to deal with the info breach.
“This included revoking the shopper help supplier’s entry to our ticketing system, launching an inner investigation, partaking a number one pc forensics agency to help our investigation and remediation efforts, and interesting legislation enforcement,” the corporate explains.
Discord is advising the affected customers to be cautious of unsolicited messages or different communication that will appear suspicious.Commercial. Scroll to proceed studying.
The corporate has not shared particulars on when the incident occurred, which third-party service was concerned, and what number of customers had been affected. The corporate has over 200 million lively month-to-month customers.
Risk intelligence and analysis mission Vx-Underground says the info breach occurred on September 20.
Some studies hyperlink the incident to the latest Salesforce extortion marketing campaign attributed to the Scattered LAPSUS$ Hunters menace group, however Vx-Underground, which described the incident as a Discord Zendesk compromise, mentioned Scattered LAPSUS$ Hunters will not be behind the assault. As a substitute it’s a bunch that “doesn’t have an attributed Risk Group title”.
SecurityWeek has emailed Discord for extra info on the incident and can replace this text if the corporate responds.
Associated: Beer Large Asahi Says Knowledge Stolen in Ransomware Assault
Associated: Hackers Extorting Salesforce After Stealing Knowledge From Dozens of Prospects
Associated: Knowledge Breach at Medical doctors Imaging Group Impacts 171,000 Folks
Associated: 1.2 Million Impacted by WestJet Knowledge Breach
