Security nightmare at Discord: customer data at risk from third parties!

Security nightmare at Discord: customer data at risk from third parties!

Discord has disclosed a security incident that occurred through a third-party customer service provider. The company's data security was undermined, although Discord's internal systems themselves were not affected. Crypto News reports that unauthorized parties have gained access to user data collected through queries to customer service or trust and safety teams.

The compromised information includes, but is not limited to, contact details, limited billing information and ID images of affected users. Specifically, names, Discord usernames, email addresses, IP addresses and some other personal information were exposed. Critically, hackers also accessed limited payment information, such as the last four digits of credit cards and purchase history.

Details about the incident

The attackers were only able to access information related to customer requests. Messages or activities that went beyond the range of support remained unaffected. Discord immediately revoked the affected third party's access to its ticketing system and initiated an investigation in collaboration with a computer forensics firm and law enforcement. Affected users will be informed of the incident by email, while official communications will not be made by telephone.

Additionally, the report states that no full credit card numbers, CCV codes, passwords or authentication credentials are affected. This means that the safety of users in this area was not jeopardized. In light of this incident, Discord has also notified relevant data protection authorities and announced comprehensive reviews of third-party threat detection systems and security controls.

Recommendations for affected users

Users whose data may have been compromised should be particularly cautious and watch out for phishing attempts. Discord's official communication will clearly occur via email, and it is recommended to review all messages to confirm authenticity.

In summary, this incident highlights the challenges organizations face when securing data through third-party providers. Discord plans to conduct more frequent audits of third-party systems to ensure security and privacy standards. This could be crucial to maintaining user trust in the platform in the long term.