A security incident has put Discord users on alert after a third-party vendor, 5CA, experienced a data breach. The incident exposed the government identification photos of roughly 70,000 users globally, which were used to verify age-related appeals. Discord emphasizes that its own systems weren’t breached; rather, the vulnerability stemmed from a compromised customer service vendor. The attacker aimed to extort a ransom from Discord, gaining access to a limited set of user information.
Affected users are those who recently interacted with Discord’s Customer Support or Trust and Safety teams. The compromised data includes names, usernames, email addresses, and contact details shared with customer service. Also exposed were limited billing details like payment type, the last four digits of credit cards, and purchase histories, along with IP addresses and message exchanges with support agents. Discord has reassured users that full credit card numbers, CCV codes, passwords, and authentication data were not compromised. Access was limited to information shared during support interactions.
Upon discovering the breach, Discord immediately terminated the vendor’s access. An internal investigation was launched, and a leading computer forensics firm was hired. Law enforcement has been engaged. Discord is notifying affected users via email from noreply@discord.com and advising vigilance against suspicious communications. The company is also reassessing security protocols for all third-party support vendors, underscoring its commitment to user privacy and security.
Also Read: Why Nikhil Kamath’s Investment in Nothing Is a Turning Point for India’s Smartphone Future?
