Hackers have stolen partial payment information and sensitive personal data from a number of Discord users after compromising a third-party customer support system used by the company.
The breach occurred on September 20 and impacted a ‘limited number of users’ who interacted with Discord’s customer support or Trust and Safety teams, according to a notice sent to affected users. Exposed data includes real names, usernames, email addresses, contact details, and in some cases, photos of government-issued IDs such as driver’s licenses and passports. Partial billing information, like payment types and the last four digits of credit cards, was also compromised.
Discord said the attackers gained access via an unauthorized breach of a third-party customer service platform, which threat group Scattered Lapsus$ Hunters (SLH) claimed was Zendesk. Although SLH initially appeared to take credit for the attack, they later said that a different group was behind it.
An image posted by the hackers showed an access control list from Kolide, a device-trust system integrated with Okta, which Discord uses for identity and access management. The incident is believed to be financially motivated, with hackers demanding a ransom in exchange for not leaking the stolen data.
Cybersecurity expert Alon Gal, CTO of Hudson Rock, noted that if the stolen data is leaked, it could help trace various online scams and crypto-related crimes. “If it leaks, this db is going to be huge for solving crypto related hacks and scams because scammers don’t often remember using a burner email and VPN and almost all of them are on Discord,” Gal said.