Discord

A data breach at Discord occurred due to a compromised third-party customer support vendor, exposing sensitive user information over a two-week period before detection. The attackers accessed Discord’s ticketing system, stealing data such as email addresses, usernames, IP addresses, support ticket contents (including personal disputes and verification processes), and, critically, scanned government-issued IDs submitted for age verification. While passwords and payment details remained secure, the leaked data (including limited billing details and support chat histories) heightens risks of targeted phishing, identity theft, and reputational harm. The breach was confined to users who interacted with support during the exposure window, though the exact scale remains undisclosed. This incident follows a similar 2023 third-party compromise affecting ~200 accounts, underscoring persistent supply-chain vulnerabilities in Discord’s ecosystem. The company severed the vendor’s access and launched an investigation, but critics argue reactive measures are insufficient without broader reforms like zero-trust architectures or public vendor audits. Affected users are advised to enable two-factor authentication and monitor for fraud.

Source: https://www.webpronews.com/discord-data-breach-exposes-emails-ips-via-third-party-hack/

TPRM report: https://www.rankiteo.com/company/discord

"id": "dis2202022100525",
"linkid": "discord",
"type": "Breach",
"date": "6/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Limited number of users who '
                                              'interacted with support during '
                                              'the exposure window (exact '
                                              'number undisclosed)',
                        'industry': 'Technology / Social Media / Gaming',
                        'location': 'Global (HQ: San Francisco, California, '
                                    'USA)',
                        'name': 'Discord',
                        'type': 'Digital Communication Platform'}],
 'attack_vector': 'Compromised Third-Party Vendor (Customer Support Provider)',
 'customer_advisories': ['Monitor for suspicious activity (e.g., phishing '
                         'attempts).',
                         'Update security settings, including enabling '
                         'two-factor authentication (2FA).'],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Text (emails, usernames, chat '
                                        'histories)',
                                        'Images (scanned IDs)'],
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (includes government-issued IDs '
                                        'and personal dispute histories)',
                 'type_of_data_compromised': ['Personal Identifiable '
                                              'Information (PII)',
                                              'Authentication Data (excluding '
                                              'passwords)',
                                              'Verification Documents',
                                              'Support Communications']},
 'description': 'A data breach at Discord, stemming from a compromised '
                'third-party customer support provider, exposed sensitive user '
                'information, including email addresses, usernames, IP '
                'addresses, support ticket contents, and scanned '
                'government-issued IDs submitted for age verification. The '
                'breach did not involve passwords or payment details. The '
                'incident unfolded over a two-week period before detection and '
                'was confined to users who interacted with support during the '
                'exposure window. Discord severed the vendor’s access and '
                'initiated an investigation, but the exact scope remains '
                'undisclosed. The breach highlights supply-chain '
                'vulnerabilities and the risks of outsourcing critical support '
                'functions.',
 'impact': {'brand_reputation_impact': 'Potential damage due to repeated '
                                       'third-party breaches and concerns over '
                                       'user privacy',
            'data_compromised': ['Email Addresses',
                                 'Usernames',
                                 'IP Addresses',
                                 'Support Ticket Contents',
                                 'Scanned Government-Issued IDs',
                                 'Limited Billing Details',
                                 'Support Chat Histories'],
            'identity_theft_risk': 'High (due to exposure of government-issued '
                                   'IDs and personal data enabling phishing)',
            'operational_impact': 'Limited to users who interacted with '
                                  'support during the exposure window; vendor '
                                  'access severed',
            'payment_information_risk': 'None (payment details not '
                                        'compromised)',
            'systems_affected': ['Discord Support Ticketing System']},
 'initial_access_broker': {'entry_point': 'Compromised Third-Party Customer '
                                          'Support Provider',
                           'high_value_targets': ['Support Ticketing System',
                                                  'User Verification Data '
                                                  '(IDs)'],
                           'reconnaissance_period': 'Two weeks (before '
                                                    'detection)'},
 'investigation_status': 'Ongoing (as of the report)',
 'lessons_learned': ['Supply-chain vulnerabilities pose significant risks, '
                     'especially when outsourcing critical functions like '
                     'customer support.',
                     'Shared access protocols with third-party vendors must '
                     'prioritize robust authentication over efficiency.',
                     'Reactive measures (e.g., post-breach investigations) are '
                     'insufficient; proactive safeguards like zero-trust '
                     'architectures are needed.',
                     'Transparency in data handling and public audits of '
                     'vendor security postures can build user trust.',
                     'Requiring sensitive documents (e.g., government IDs) for '
                     'verification introduces high risks if breached.'],
 'post_incident_analysis': {'corrective_actions': ['Enhancing threat detection '
                                                   'systems (pledged).',
                                                   'Potential adoption of '
                                                   'zero-trust architectures '
                                                   '(suggested by experts).',
                                                   'Improved vendor vetting '
                                                   'and access monitoring '
                                                   '(implied).'],
                            'root_causes': ['Inadequate security controls for '
                                            'third-party vendor access.',
                                            'Over-reliance on shared access '
                                            'protocols without robust '
                                            'authentication.',
                                            'Lack of proactive threat '
                                            'detection for supply-chain '
                                            'risks.']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Adopt zero-trust security models to mitigate third-party '
                     'risks.',
                     'Conduct rigorous vetting and continuous monitoring of '
                     'third-party vendors.',
                     'Implement stricter access controls and multi-factor '
                     'authentication for vendor integrations.',
                     'Enhance user advisories with clear, actionable steps '
                     '(e.g., enabling 2FA, monitoring for phishing).',
                     'Explore alternatives to collecting sensitive '
                     'verification documents (e.g., anonymized or tokenized '
                     'data).',
                     'Proactively disclose breach scopes to avoid speculation '
                     'and maintain credibility.'],
 'references': [{'source': 'Tom’s Hardware'},
                {'source': 'Hackread'},
                {'source': 'BleepingComputer'}],
 'response': {'communication_strategy': ['Advisories to affected users to '
                                         'monitor for suspicious activity and '
                                         'update security settings (e.g., '
                                         'enable 2FA)'],
              'containment_measures': ['Severed compromised vendor’s access to '
                                       'support systems'],
              'enhanced_monitoring': 'Pledged to enhance threat detection '
                                     'systems',
              'incident_response_plan_activated': True,
              'remediation_measures': ['Comprehensive investigation initiated',
                                       'Enhancement of threat detection '
                                       'systems (pledged)']},
 'title': 'Discord Third-Party Customer Support Data Breach',
 'type': ['Data Breach', 'Supply-Chain Attack'],
 'vulnerability_exploited': ['Inadequate Vendor Vetting',
                             'Shared Access Protocols with Weak '
                             'Authentication']}