70,000 Discord User Data Leaked Due To Cyber Incident Against Third Party Vendors

Photo: Discord

JAKARTA - The popular communication platform Discord announced that there had been a security incident involving one of its third-party customer service vendors.

In a statement, Discord confirmed that there were no direct violations of their main system, but of external providers assisting in handling customer support and Trust & Security teams.

Discord said this incident had an impact on users who had previously been in contact with the Discord support team. Globally, Discord managed to identify around 70 thousand exposed user identities.

The data includes the name, username Discord, email, IP address, transaction history, last four digits of the user credit card, and even the perpetrators managed to get access to a small number of government identity images.

However, full credit card numbers, security codes (CCV), passwords, and user activity outside of support conversations were not involved in this incident.

Discord said the third party was attacked with the aim of extortion, in which the perpetrator tried to demand a ransom after obtaining some customer data.

Immediately after the attack was detected, the company revoked vendor access to the internal system, began internal investigations and computer forensics, and collaborated with law enforcement to investigate further.

The company is currently contacting affected users via official email [email protected], and warned users to be aware of phishing attempts or suspicious communications acting on behalf of Discord.

As a further step, Discord pledged to increase security audits of all third-party partners, review the threat detection system, and continue to coordinate with data protection authorities in various regions.