"Discord has confirmed customers' data was stolen - but says the culprit wasn't its own servers, just a compromised support vendor. The chat platform revealed late last week that an unnamed customer service vendor had been compromised, exposing support tickets and personal details submitted by users who had contacted Discord's help or Trust & Safety teams. The company stressed that its own systems were not directly accessed."
"However, stolen data may include names, email addresses, billing information such as payment type and the last four digits of credit cards, and - in some cases - images of government IDs provided for age verification purposes. Discord stated that attackers could access IP addresses, messages, and attachments sent to customer service agents. "An unauthorized party targeted our third-party customer support services to access user data, with a view to extort a financial ransom from Discord," the company said."
"Discord said it cut off the vendor's access as soon as the intrusion was detected, launched an internal investigation, and notified law enforcement. The company is now emailing affected users, warning them to stay alert for scams or attempts to exploit the stolen information. Some reports have named a customer support vendor, but the company has not confirmed that detail, nor has it named the contractor responsible for handling support tickets."
A third-party customer support vendor was compromised, allowing attackers to steal data submitted through support and Trust & Safety channels. Stolen information may include names, email addresses, billing details such as payment type and the last four digits of credit cards, IP addresses, messages, attachments, and in some cases images of government IDs used for age verification. Discord's own systems were not directly accessed. Discord cut the vendor's access, opened an internal investigation, and notified law enforcement. The company is emailing affected users and warning them to watch for scams or exploitation attempts. The vendor's identity and the total number of impacted users remain unconfirmed.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]