Discord Faces Data Breach Due to Third-Party Provider Compromise
Discord has confirmed that one of its third-party customer service providers was compromised by an unauthorized party, gaining access to limited user information. The breach, which aimed to extort a financial ransom from the company, did not involve direct access to Discord’s own systems, reports 24brussels.
The information potentially accessed includes names, usernames, email addresses, and the last four digits of credit card numbers. Additionally, a small number of images of government IDs belonging to users who had appealed age determinations were also exposed. Discord stated that full credit card numbers and passwords remain secure and were not impacted by this incident.
The company has promptly begun notifying the affected users via email, specifying if their ID may have been accessed. In response to the breach, Discord has revoked the compromised support provider’s access to its ticketing system, alerted data protection authorities, and is cooperating with law enforcement. The company is also conducting a review of its threat detection systems and security controls for third-party support providers.
As the situation unfolds, Discord has emphasized its commitment to enhancing security protocols to prevent future incidents. The breach highlights ongoing vulnerabilities associated with third-party services, underscoring the importance of robust security measures in the digital age. Stakeholders in the tech community will be closely monitoring Discord’s response and any potential consequences for user trust and platform security.