Social media platform Discord says hackers stole users’ personal information from one of its third-party customer service providers.
The incident, the company says, only affects users who contacted Discord through its “Customer Support and/or Trust & Safety teams”, and was limited to the third-party provider, with no Discord systems affected.
The compromised user information includes names, usernames, email addresses, contact information, billing information, IP addresses, messages exchanged with customer service agents, and limited corporate data.
For users who appealed age determination, government ID images were also compromised, Discord notes.
The platform says no financial information, Discord activity and messages, or passwords and other authentication data was compromised in the incident.
Discord has started notifying the affected users via email, has notified the relevant authorities, reviewed its threat detection systems, and took steps to address the data breach.
“This included revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement,” the company explains.
Discord is advising the affected users to be wary of unsolicited messages or other communication that may seem suspicious.
The company has not shared details on when the incident occurred, which third-party service was involved, and how many users were affected. The company has over 200 million active monthly users.
Threat intelligence and research project Vx-Underground says the data breach occurred on September 20.
Some reports link the incident to the recent Salesforce extortion campaign attributed to the Scattered LAPSUS$ Hunters threat group, but Vx-Underground, which described the incident as a Discord Zendesk compromise, said Scattered LAPSUS$ Hunters is not behind the attack. Instead it’s a group that “does not have an attributed Threat Group name”.
SecurityWeek has emailed Discord for additional information on the incident and will update this article if the company responds.
Related: Beer Giant Asahi Says Data Stolen in Ransomware Attack
Related: Hackers Extorting Salesforce After Stealing Data From Dozens of Customers
Related: Data Breach at Doctors Imaging Group Impacts 171,000 People
Related: 1.2 Million Impacted by WestJet Data Breach
