Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Popular chat and gaming platform Discord says limited customer data was compromised as part of a cyber extortion attempt. Scattered Lapsus$ Shiny Hunters claims credit.
Discord, popular with gamers the world over for its chat and community functions, has disclosed a cyber security incident impacting one of its third-party support providers, with some customer data compromised.
“Recently, we discovered an incident where an unauthorised party compromised one of Discord’s third-party customer service providers,” Discord said in a 3 October statement.
“The unauthorised party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.”
Upon learning of the attack, Discord revoked the provider’s access to its ticketing system and launched an investigation with the assistance of a leading computer forensics firm. The company has also been in contact with law enforcement regarding the incident and is currently in the process of contacting impacted users.
According to Discord, the threat actor responsible for the incident was attempting to “extort a financial ransom” from the company.
Discord has not been able to confirm the exact data compromised, but said it may include names, Discord usernames, contact details, the last four digits of credit cards, purchase histories, IP addresses, support messages, and corporate data such as presentations and training material.
“The unauthorised party also gained access to a small number of government ID images (e.g., driver’s license, passport) from users who had appealed an age determination,” Discord said.
“If your ID may have been accessed, that will be specified in the email you receive.”
Discord said full credit card details were not impacted, nor were non-customer support messages and activity. Passwords and authentication data are also safe.
“Discord has and will continue to take all appropriate steps in response to this situation. As standard, we will continue to frequently audit our third-party systems to ensure they meet our security and privacy standards,” Discord said.
“Looking ahead, we recommend impacted users stay alert when receiving messages or other communication that may seem suspicious. We have service agents on hand to answer questions and provide additional support.”
A group calling itself Scattered Lapsus$ Shiny Hunters has claimed responsibility for the incident on its Telegram channel, sharing several emails that it says are associated with Discord’s support provider.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
