"Name, Discord username, email and other contact details provided to Discord customer support. Payment type, last four digits of credit cards, and purchase history if associated with an account. IP addresses. Customer service agent messages. Limited corporate data (training materials, internal presentations). A small number of government‑ID images (e.g., driver's licenses or passports) from users who had appealed an age determination."
"While I think the phrase "a small number" might be doing a lot of work here, the attack is completely predictable. It seems inevitable that once governments - such as the current UK administration - force users to share high-level security data simply to use social media, the unregulated services that verify those ID documents will become attractive targets for attack."
"This is precisely what happened at Discord. That company turned to a third party to handle inquiries of this kind, that third party was hacked, and valuable data was stolen. This isn't even the first such attack. A year ago, an attack against US ID verification service AU10TIX exposed names, dates of birth, nationality, identification numbers, the type of documents uploaded (such as a drivers' license) and images of those documents."
Exposed data included names, Discord usernames, emails and other contact details submitted to Discord customer support, payment type and last four credit-card digits, purchase history, IP addresses, customer service agent messages, limited corporate training materials and internal presentations, and a small number of government-ID images from users who appealed age determinations. The breach did not include passwords, authentication data, full credit card numbers, CCV codes, or private Discord messages beyond those with customer support. The incident resulted from a third-party verification vendor being hacked after handling such inquiries. Government mandates requiring ID sharing increase risk by making verification services attractive targets; a prior AU10TIX breach exposed similar ID details and document images.
Read at Computerworld
Unable to calculate read time
Collection
[
|
...
]