Discord experienced a security breach via a third-party customer service vendor, exposing government-issued ID photos of approximately 70,000 users. The incident, discovered in late September 2023, targeted the platform’s age verification system used for reviewing user appeals. While Discord clarified this was not a direct breach of its core systems, the attackers accessed usernames, email addresses, contact details, partial billing information (last four digits of credit cards), IP addresses, and customer support messages. The hackers attempted extortion by demanding a ransom, with online claims suggesting they possessed more data than Discord acknowledged though the company dismissed these as inflated. No full credit card numbers, passwords, or private Discord messages beyond support interactions were compromised. Discord revoked the vendor’s access, engaged forensic investigators, and collaborated with law enforcement. The breach highlights risks tied to third-party dependencies in handling sensitive user data, particularly in identity verification processes.
TPRM report: https://www.rankiteo.com/company/zyper.
"id": "zyp0632206100925",
"linkid": "zyper.",
"type": "Breach",
"date": "9/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '~70,000 users (government-ID '
'exposure)',
'industry': 'Messaging Platform / Gaming Community',
'location': 'San Francisco, USA',
'name': 'Discord',
'size': '200+ million users worldwide',
'type': 'Technology Company'},
{'industry': 'Customer Support Operations',
'name': '[Unnamed Third-Party Vendor]',
'type': 'Customer Service Provider'}],
'attack_vector': ['Third-Party Vendor Exploitation',
'Customer Support System Targeting'],
'customer_advisories': ['Warning against phone-based scams impersonating '
'Discord',
'Clarification that full credit card numbers and '
'passwords were not compromised'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Image files (ID photos)',
'Text-based support messages'],
'number_of_records_exposed': '~70,000 (government IDs); '
'additional records for other '
'data types (quantity '
'unspecified)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (government IDs, PII)',
'type_of_data_compromised': ['Government-issued '
'identification photos',
'Personally identifiable '
'information (PII)',
'Partial payment information',
'Customer support '
'communications']},
'date_detected': 'Late September (exact date unspecified)',
'description': 'Discord identified a security incident involving a '
'third-party customer service provider, exposing approximately '
"70,000 users' government-issued ID photos. The breach "
"targeted the platform's age verification system used for "
'reviewing user appeals. Hackers demanded a ransom as part of '
'an extortion attempt, claiming to possess more data than '
'acknowledged. Compromised information includes usernames, '
'email addresses, contact details, limited billing info (last '
'four digits of credit cards), IP addresses, and customer '
'service messages. Full credit card numbers, passwords, and '
'Discord messages beyond support conversations were not '
"accessed. Discord revoked the vendor's access, engaged "
'forensics experts, and is cooperating with law enforcement.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive user data and '
'extortion claims',
'data_compromised': ['Government-issued ID photos (~70,000 users)',
'Usernames',
'Email addresses',
'Contact details',
'Last four digits of credit cards',
'IP addresses',
'Messages exchanged with customer service '
'agents'],
'identity_theft_risk': 'High (government-issued IDs exposed)',
'operational_impact': ['Vendor access revoked',
'Forensic investigation initiated'],
'payment_information_risk': 'Low (only last four digits of credit '
'cards compromised)',
'systems_affected': ['Age verification system',
'Third-party customer support ticketing '
'system']},
'initial_access_broker': {'entry_point': 'Third-party customer support '
"vendor's systems",
'high_value_targets': ['Age verification system '
'data',
'Customer support ticketing '
'system']},
'investigation_status': 'Ongoing (forensic investigation in progress)',
'motivation': 'Financial Extortion',
'post_incident_analysis': {'root_causes': ['Third-party vendor security '
'vulnerabilities',
'Insufficient access controls for '
'sensitive data']},
'ransomware': {'data_exfiltration': True, 'ransom_demanded': True},
'references': [{'source': 'Discord Official Statement'}],
'regulatory_compliance': {'regulatory_notifications': ['Data protection '
'authorities '
'notified']},
'response': {'communication_strategy': ['Email notifications to affected '
'users (noreply@discord.com)',
'Public statement clarifying scope '
'and denying phone-based outreach'],
'containment_measures': ['Revoked vendor access to ticketing '
'system'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['Forensic investigation',
'Cooperation with data protection '
'authorities'],
'third_party_assistance': ['Leading computer forensics firm']},
'stakeholder_advisories': ['Email notifications to affected users',
'Public disclosure of incident scope'],
'title': "Discord Third-Party Vendor Data Breach Exposes 70,000 Users' "
'Government-Issued ID Photos',
'type': ['Data Breach', 'Third-Party Vendor Compromise', 'Extortion Attempt']}