Discord User Data Leaks Through Third Party Customer Service

DOC Discord

JAKARTA Discord confirmed that a number of user data was leaked. This happened because the data stored by one of the third-party customer service providers was burglarized by an irresponsible party.

This cybercriminal managed to break into the customer service provider system. As a result, the irresponsible party managed to access sensitive user data.

This data comes from customer reports to the Customer Support team or Discord Security & Trust.

"Unauthorized parties are targeting our third-party customer support service to access user data, with the aim of extorting ransom from Discord," Discord said in a broadcast, quoted on Saturday, October 4.

Discord has taken action even though this issue comes from third-party customer service. The platform has revoked access to third-party vendors to their ticket systems. They have also started an in-depth internal investigation into the incident.

Discord has involved a leading computer forensic firm to support investigative and remediation efforts. They also involve law enforcement to thoroughly investigate these cyberattacks. The company is committed to addressing this situation as a whole.

The leaked information includes names, Discord usernames, email addresses, and other contact details. Other sensitive information that may be accessed is limited collection data such as the last four digits of credit cards and purchase history.

Unauthorized parties also gain access to a small number of official identity images such as SIMs and passports from users who appeal age determinations. Discord confirmed that some of the data were not involved in these violations, including a complete credit card number.

Messages or activities on Discord outside of customer support discussions are also safe, as well as passwords and authentication data. Discord is contacting affected users via official email [email protected] to urge all users to remain vigilant.

"We advise affected users to remain vigilant when receiving messages or other communications that may seem suspicious," Discord said.

Discord will continue to audit third-party systems periodically to strengthen its security standards. The company has notified relevant data protection authorities and reviewed its security controls for third-party support vendors.