Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Discord discloses third-party breach affecting customer support data

Discord reported a data breach at a third-party customer service provider that exposed user data, including contact details, IPs, and billing info. Discord disclosed a breach at a third-party customer support provider that exposed data of users who contacted its Support or Trust & Safety teams. The stolen info includes names, usernames, emails, contact and […]

Discord

Discord reported a data breach at a third-party customer service provider that exposed user data, including contact details, IPs, and billing info.

Discord disclosed a breach at a third-party customer support provider that exposed data of users who contacted its Support or Trust & Safety teams.

The stolen info includes names, usernames, emails, contact and billing details, IPs, and messages with agents. The instant messaging and VoIP social platform said government ID images were also exposed for users who appealed age verification decisions.

The company states that financial data (full credit card numbers or CCV codes) and passwords or authentication data were exposed.

Discord pointed out that its systems were not breached.

“Discord recently discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. This incident impacted a limited number of users who had communicated with our Customer Support or Trust & Safety teams.” reads the Update on the Security Incident published by the company.

This unauthorized party did not gain access to Discord directly. 

Discord promptly revoked the third-party provider’s access to its support systems and launched an internal investigation with the help of a leading computer forensics firm. The company notified law enforcement. Discord confirmed no data beyond user interactions with support agents was accessed and is notifying affected users via email.

Discord warns the impacted users to be aware of suspicious communications.

“Looking ahead, we recommend impacted users stay alert when receiving messages or other communication that may seem suspicious. We have service agents on hand to answer questions and provide additional support.” concludes the update.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)