A third-party customer service supplier used by Discord was hacked due to the “unauthorized side”, which led to data violation, including “a small number of state and Ides”.
Last Friday, Discord notified users This “information from a limited number of users” who contacted its support for customers or trust and security teams.
This included identifiers from those who appealed the age definition, emphasizing the potential consequences of security using third -party companies to comply with the online security law.
Dataled data lists the data that were violated, which included:
- The name, user's name Discord, email and other contact details if provided by Discord customers
- Type of payment, the last four digits of credit cards and the history of purchases, if related to account
- IP -address
- Messages with customer service agents
- Limited corporate data (training materials, internal presentations)
- A small number of government images (for example, driver’s license, passport) from users who appealed the age definition
The dispersal from the data did not include passwords or authentication data full of credit card numbers or CCV code, or messages and activities in relation to Discord “In addition to discussions with customer support”.
“As soon as we learned about this attack, we took immediate steps to solve the situation,” the company said.
“This included the recall of access to the supplier of customer support to our ticket sales system, launching an internal investigation, attracting a leading computer forensic company to support our investigation and correction efforts, as well as law enforcement agencies.”
Users affected by data violations will receive an email with [email protected]. Discord will not contact the injured users by phone.
Those whose identifier, access to which was access, will be specially notified in an email.