(Credit: Silas Stein/picture alliance via Getty Images)
Don't miss out on our latest stories. Add PCMag as a preferred source on Google.
Some Discord users may have been impacted by a new data breach after one of the platform’s third-party customer service providers was compromised.
Discord says that although the attacker did not gain direct access to its own systems, data such as real names, email addresses, and limited billing details (including payment type, the last four digits of credit cards, and purchase history linked to user accounts) may have been exposed. In addition, the company says the unauthorized party may have gained access to a “small number” of government IDs.
However, Discord confirmed that full credit card numbers or CVV codes, passwords or authentication data, and messages or other in-app activity beyond customer support interactions were not affected. The breach involved data from “a limited number of users” who had contacted its Customer Support and/or Trust & Safety teams, Discord says.
Discord is advising users to watch for suspicious messages or communications and to contact its customer service agents for any additional questions or support regarding the incident. The platform says it is currently working with law enforcement to investigate the breach and will email any users who have been affected.
It can't be said for certain who is really behind the attack, as Discord hasn't named the culprit. But a loose coalition of cybercriminals known as the “Scattered Lapsus$ Hunters” is taking responsibility for the cyberattack.
According to cybersecurity publication HackRead, the group has shared screenshots on messaging app Telegram, which show they gained access to some of Discord's internal tools, while threatening to post the leaked data online and mocking the platform's support team. The group has in the past claimed responsibility for cyberattacks on a variety of major companies, including car manufacturer Jaguar Land Rover and British supermarket chain Marks & Spencer.