Discord Reports Data Breach at Third-Party Service Provider

A cyberattack on a third-party provider led to the theft of user data, but Discord asserts its own systems were not directly compromised.

194d ago

Summary

On October 3, Discord disclosed a cyberattack on its third-party customer service provider, resulting in the theft of user data used for extortion. The affected individuals were those who had interacted with Discord’s support or trust and safety teams. Stolen information included chat logs, personal details, emails, IP addresses, transaction histories, payment data, partial credit card numbers, and age-verification ID photos. Discord revoked the provider’s access and confirmed no direct compromise of its own systems.

Terms & Concepts

Data Breach: An incident where confidential or sensitive information is accessed, stolen, or exposed without authorization.
Extortion Attack: A cybercrime in which attackers steal data and threaten to release or misuse it unless a ransom is paid.
Third-Party Service Provider: An external company contracted to provide services or support, which may have access to sensitive data.