Discord announced that a hacker compromised one of their third-party support systems and accessed user support tickets.
Overall, the main Discord servers are secure - the breach involved a third-party service that supports customer service. If you reached out to Discord Support for assistance, it is possible that your support message is included in the compromised data.
What data was exposed?
Fortunately, not everything was revealed. Passwords and complete credit card numbers were not exposed. However, some users had other personal information compromised, including the following:
- Names, usernames and email addresses
- The last 4 digits of credit card numbers and payment information
- IP addresses and the messages sent to the support team
- A small number of ID photos (e.g., drivers' licenses or passports) used for age verification purposes.
How did the hackers pull it off?
The incident happened on or around September 20. Hackers gained access to the third-party service provider Discord uses as its customer support platform.
Once the hackers had taken the data, they attempted to blackmail Discord, claiming they would leak the stolen ticket data unless they received a payoff.
Discord moved quickly:
- They blocked the hacker's access
- They initiated an investigation with security experts
- They began notifying users impacted by the data breach
- They are also working with law enforcement to trace the hackers.
What steps should be taken?
If you're a Discord user, follow these steps right away:
1. Check your email; Discord will notify you if your data was involved.
2. Be on the lookout for false notifications or emails that appear to be from Discord Support.
3. Be careful about posting ID photos on the internet unless absolutely necessary.
4. Enable two-factor authentication (2FA) on your Discord account.
5. Stay vigilant with your other accounts in case someone attempts to use your data.
In Closing
This incident serves as a reminder that even large corporations can be impacted through a third-party partner. Discord's core systems were not hacked, but they had a security flaw in the customer support portal.
If your data was involved with the breach, please do not be alarmed, but stay vigilant.