Over the weekend, Discord users have reported that they received an email from the popular messaging platform stating that some of their personal data has been breached by an “unauthorised party”. However, the platform itself has not been hacked; rather, a third-party customer service platform meant to resolve issues related to users’ Discord accounts.
Several reports claim that the compromised data includes full names, email addresses, IP addresses, government ID details, and the last four numbers on a user’s credit or debit card. Even exchanges and attachments between user and customer service were also compromised.
As per the circulating emails users have received online, Discord confirms that the hack occurred on 20 September. According to the official press release, the messaging platform stated that it “took immediate steps to address the situation” the moment the company was made aware of the attack.
The messaging platform elaborated further that the steps include “revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement.” Discord also speculated that the breach occurred because the unauthorised party wanted to extort a financial ransom from the company.
The company reassured its users that the main platform has not been compromised and that users’ full credit card numbers or CCV codes, Discord activity and messages, and passwords or authentication data are safe. However, it is recommended for users to update their login credentials as a precaution to ensure account security.
(Source: Discord [Press Release], Tom’s Hardware, X)
