A significant cybersecurity incident has led to the potential exposure of over 70,000 Discord users’ IDs and sensitive personal information. This breach occurred on September 20, affecting users who had submitted government ID photos for age verification purposes.
Details of the Discord Hack
The breach occurred through a third-party service provider, 5CA, which Discord utilized to comply with regulatory requirements, such as the UK’s Online Safety Act and the EU’s Digital Services Act. As a result, users were asked to verify their ages by submitting photos of their government-issued identification, including driving licenses and passports.
Extent of the Compromise
While Discord initially indicated that only a limited number of users were affected, further investigation revealed that approximately 70,000 accounts could have compromised ID images. However, Cyber Security News suggests the extent of the breach is much larger. They estimate that up to 5.5 million unique users may have been impacted, with hackers accessing around 1.5 terabytes of sensitive data during a 58-hour window of unauthorized access.
Potentially Exposed Information
- Name
- Discord username
- Email and other contact details
- Limited billing information (payment type and last four digits of credit card)
- IP addresses
- Messages exchanged with customer service agents
- Some government-issued ID images
Discord has clarified that full credit card numbers, CVV codes, and passwords were not part of the data exposed. They assure users that they are taking all necessary steps to address the breach and protect user data.
Company Response and User Recommendations
In response to the incident, Discord has committed to auditing its third-party systems more frequently to enhance security measures. The company has also reached out to relevant authorities and law enforcement to investigate the attack.
Impacted users can expect direct communication from Discord outlining the next steps. In the meantime, users are advised to remain vigilant about suspicious communications and utilize Discord’s support services for any queries or concerns.
Discord emphasizes its dedication to safeguarding personal data and acknowledges the distress this breach may cause its user base.
