Discord is contacting users to inform them that their data was accessed by an “unauthorized party” after one of its third-party customer service providers was compromised.
The threat actor did not breach Discord directly, the company says, but carried out the attack on Discord’s Zendesk instance with the intention of extorting Discord for a ransom payment.
The incident impacted users that had communicated with Discord’s Customer Support or Trust & Safety teams, with the hackers gaining access to names, usernames, contact details, IP addresses, and the last four digits of credit card numbers.
“The unauthorized party also gained access to a small number of government‑ID images,” the company says, adding that approximately 70,000 of those impacted may also have had photos exposed that had been used for age-related appeals.
However, the attackers claim to have stolen 1.5TB of age verification photos—totalling 2,185,151 images—which they are allegedly using to extort the company.
Spokespeople for the company have reportedly told both the BBC and Bleeping Computer that Discord will not be paying the ransom: “We will not reward those responsible for their illegal actions.”
In response to the breach, Discord immediately revoked the third party’s access to their ticketing system, and they are continuing to work with law enforcement to investigate the incident.
“As soon as we became aware of this attack, we took immediate steps to address the situation,” the company said. “This included revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement.”
Discord advises that it is in the process of contacting impacted users via email, and that users should not respond to any phone calls claiming to be from Discord or emails that are sent from any address other than [email protected].
“We recommend impacted users stay alert when receiving messages or other communication that may seem suspicious,” the company says.
“We take our responsibility to protect your personal data seriously and understand the inconvenience and concern this may cause.”
The Bigger Picture
In this incident, the attackers allegedly gained access to Discord’s Zendesk instance via a compromised account belonging to a support agent employed outsourced Business Process Outsourcing (BPO) provider. From there, they were able to access the Zenbar support application, where they could look up users’ information and disable multi-factor authentication.
Due to their widespread use amongst organizations looking to outsource their IT support and help desks, BPOs are becoming an increasingly popular target for cybercriminals, who target these services with the hope of gaining access to connected customer environments.
The Discord incident follows a wave of supply chain or third-party data breaches that have occurred over the past several months, with other notable attacks including Scattered Spider and ShinyHunters’ attacks against Salesforce instances over the summer.
Read More
