Discord, the widely used communication platform, recently revealed a significant data breach that has left about 70,000 users vulnerable. The incident occurred due to a compromise of a third-party vendor that services Discord's customer support and trust and safety teams.
On October 3, Discord made an announcement regarding the breach and followed up with additional information on October 6. The company disclosed that government ID photos were among the sensitive data that had been reportedly compromised. Users had provided these ID photos to the vendor to assist with age verification processes. "No messages or activities were accessed beyond what users may have discussed with customer support or trust & safety agents," said Discord in their statement regarding the breach.
"No messages or activities were accessed beyond what users may have discussed with customer support or trust & safety agents,"
The age restrictions on Discord are stringent; users must be a minimum of 13 years old in the US and Canada, with varying limits in other regions. Additionally, certain age-restricted content is accessible only to users who are at least 18 years of age.
In their communications, Discord acknowledged the extent of the breach and its seriousness. "We immediately revoked the customer support provider's access to our ticketing system and continue to investigate this matter," they stated.
"We immediately revoked the customer support provider's access to our ticketing system and continue to investigate this matter,"
By the Numbers
By the Numbers
By the Numbers
While Discord cited 70,000 affected users, other reports, including one from cybersecurity group VX-Underground, claimed that the attackers allegedly exfiltrated 1.5 terabytes of data, which includes over 2 million images tied to age verification appeals. In response to these claims, a Discord spokesperson stated, "the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. We will not reward those responsible for their illegal actions."
This unfortunate breach exemplifies a growing trend among cybercriminals who demand ransom payments following hacks. "An unauthorized party targeted our third-party customer support services to access user data, with a view to extort a financial ransom from Discord," the company explained. Law enforcement agencies have been brought into the investigation in order to address the issue effectively.
"An unauthorized party targeted our third-party customer support services to access user data, with a view to extort a financial ransom from Discord,"
By the Numbers
By the Numbers
Furthermore, the scope of the exposed data carries potential risks; Discord confirmed that the stolen information might include users' names, usernames, email addresses, and contact details provided to customer support. The company also indicated that limited billing details, such as the last four digits of credit card numbers, were compromised, though complete credit card numbers and CVV codes were not accessed. Passwords and authentication data remained secure during the breach.
As online platforms increasingly navigate complex age verification laws in various jurisdictions, incidents like these have heightened concerns regarding data security and privacy. Indeed, the situation at Discord may foreshadow similar breaches as more services struggle to ensure compliance with these regulations.
In closing, the ramifications of this incident resonate well beyond just the affected users. As more online services require users to verify their ages, the demand for safeguards against data breaches will continue to climb. Until then, companies like Discord face ongoing challenges in protecting the sensitive information of their users while navigating the complicated landscape of online safety and security.