5.5 million accounts stolen? 2.1 million identity documents compromised? Figures that make you pale… On October 3, Discord announced that it had been the victim of a major hack, and the only figures provided were those of the hackers themselves. Discord has not yet communicated on this point.
Different figures, one reality…
In a blog post, published after an investigation following the incident, Discord shared new information on October 8 and provided only a number, revealing that it had “identified approximately 70,000 users whose official ID photos may have been exposed” around the world.
Discord does not return to the figures provided by its cyber attackers, but specifies that “they are incorrect and are part of an extortion attempt.” Consequently, the company indicates that it will not give in to their threats and will not pay.
However, according to hackers contacted by our colleagues at BleepingComputer, Discord is not completely transparent. The hackers still claim to have stolen 1.6 TB of data, which would correspond to the 5.5 million accounts announced. Additionally, according to the hackers, they have 2.1 million photo ID documents in their hands.
As the platform indicated, the hackers behind the attack managed to attack the service provider that provided customer service. Unlike the hackers, who accused the company Zendesk, Discord does not provide the name of its service provider, but claims that only users who contacted its customer support or security and confidentiality teams are potentially affected.
What information was compromised?
In addition to ID photos, other information may have been compromised, as Discord clarified last week. This includes names, usernames, email addresses and “other contact details” if they have been provided to your customer service department. Likewise, billing data, such as the last four digits of the bank card or payment method, may have been leaked if it was associated with the user’s account.
Passwords were not compromised, nor were full credit card numbers or CCD codes.
In collaboration with law enforcement in this incident, the platform stated that it had informed all affected users via email. It also ended its collaboration with the third-party vendor targeted by hackers.
Source: BFM TV
