discord user data exposed through third party customer service provider being compromised
“TL;DR:
Discord recently discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers.
This incident impacted a limited number of users who had communicated with our Customer Support or Trust & Safety teams.
This unauthorized party did not gain access to Discord directly.
No messages or activities were accessed beyond what users may have discussed with Customer Support or Trust & Safety agents.
We immediately revoked the customer support provider’s access to our ticketing system and continue to investigate this matter.
We’re working closely with law enforcement to investigate this matter.
We are in the process of emailing the users impacted.”
“What data was involved?
The data that may have been impacted was related to our customer service system. This may include:
Name, Discord username, email and other contact details if provided to Discord customer support
Limited billing information such as payment type, the last four digits of your credit card, and purchase history if associated with your account
IP addresses
Messages with our customer service agents
Limited corporate data (training materials, internal presentations)
The unauthorized party also gained access to a small number of government‑ID images (e.g., driver’s license, passport) from users who had appealed an age determination. If your ID may have been accessed, that will be specified in the email you receive.”
Don’t get me wrong here.
It is a problem, and it is a nightmare for people who used real data, but discord isn’t the only one.
Your bank, Mail Provider, ISP, Microsoft, Google, Apple all of these services have the exact same information about you, as in the leak and if they get hacked this data is public.
The data you gave to somebody, the data they can collect on you, they are not safe. At one time, I thought Richard Stallman (GNU) was paranoid; now I think he was prescient. Minimize sharing personal data, etc.
I just got my email as well. I also shared little with Discord, and the username (random) and email (alias) can be changed. The most impacted users would be those with government ID leaks for age determination, which pretty much shows that age verification can really suck for many people, given how careless companies are about such things and how little responsibility they have to bear.
I also got such a mail. The bad thing: I contacted the support to get my Discord account deleted with all the messages I wrote on my account and that’s the reason my data got lost. Since Discord refuses to delete my personal data and I’m EU citizen, I am fighting back and this data breach will make my position even stronger.
The down side is, that I probably get spam soon, which I never got before on this email.
