Discord discloses third-party breach affecting customer support data

Discord reported a data breach at a third-party customer service provider that exposed user data, including contact details, IPs, and billing info.

Discord disclosed a breach at a third-party customer support provider that exposed data of users who contacted its Support or Trust & Safety teams.

The stolen info includes names, usernames, emails, contact and billing details, IPs, and messages with agents. The instant messaging and VoIP social platform said government ID images were also exposed for users who appealed age verification decisions.

The company states that financial data (full credit card numbers or CCV codes) and passwords or authentication data were exposed.

Discord pointed out that its systems were not breached.

“Discord recently discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. This incident impacted a limited number of users who had communicated with our Customer Support or Trust & Safety teams.” reads the Update on the Security Incident published by the company.

This unauthorized party did not gain access to Discord directly. “

Discord promptly revoked the third-party provider’s access to its support systems and launched an internal investigation with the help of a leading computer forensics firm. The company notified law enforcement. Discord confirmed no data beyond user interactions with support agents was accessed and is notifying affected users via email.

Discord warns the impacted users to be aware of suspicious communications.

“Looking ahead, we recommend impacted users stay alert when receiving messages or other communication that may seem suspicious. We have service agents on hand to answer questions and provide additional support.” concludes the update.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)