Social media platform Discord says hackers stole customers’ private data from certainly one of its third-party customer support suppliers.
The incident, the corporate says, solely impacts customers who contacted Discord by means of its “Buyer Help and/or Belief & Security groups”, and was restricted to the third-party supplier, with no Discord techniques affected.
The compromised person data consists of names, usernames, e-mail addresses, contact data, billing data, IP addresses, messages exchanged with customer support brokers, and restricted company knowledge.
For customers who appealed age dedication, authorities ID photographs had been additionally compromised, Discord notes.
The platform says no monetary data, Discord exercise and messages, or passwords and different authentication knowledge was compromised within the incident.
Discord has began notifying the affected customers by way of e-mail, has notified the related authorities, reviewed its risk detection techniques, and took steps to handle the info breach.
“This included revoking the shopper assist supplier’s entry to our ticketing system, launching an inside investigation, partaking a number one laptop forensics agency to assist our investigation and remediation efforts, and interesting legislation enforcement,” the corporate explains.
Discord is advising the affected customers to be cautious of unsolicited messages or different communication which will appear suspicious.
The corporate has not shared particulars on when the incident occurred, which third-party service was concerned, and what number of customers had been affected. The corporate has over 200 million energetic month-to-month customers.
Risk intelligence and analysis undertaking Vx-Underground says the info breach occurred on September 20.
Some reviews hyperlink the incident to the latest Salesforce extortion marketing campaign attributed to the Scattered LAPSUS$ Hunters risk group, however Vx-Underground, which described the incident as a Discord Zendesk compromise, mentioned Scattered LAPSUS$ Hunters isn’t behind the assault. As a substitute it’s a gaggle that “doesn’t have an attributed Risk Group identify”.
SecurityWeek has emailed Discord for extra data on the incident and can replace this text if the corporate responds.
Associated: Beer Large Asahi Says Information Stolen in Ransomware Assault
Associated: Hackers Extorting Salesforce After Stealing Information From Dozens of Prospects
Associated: Information Breach at Medical doctors Imaging Group Impacts 171,000 Folks
Associated: 1.2 Million Impacted by WestJet Information Breach
