Who did what: Discord security incident
Discord blamed a service provider for the hack that happened to its servers, but now this company is claiming that it wasn’t the cause of it, nor were they serving the data that was stolen.
Discord disclosed about this “Security Incident” back in early October. Reportedly, approximately 70,000 users were affected. After the initial notice about the hack was published, Discord then updated the page and directed the blame for the hack onto one of its providers.
According to Discord, there was a “breach” of third-party service provider 5CA. Discord says that this partner is used in its customer support system. Then, on October 14, 5CA responded to this claim, arguing that its systems were not involved.
5CA also claims that it hasn’t handled any government-issued IDs for Discord itself.
Reportedly, the breach involved a leak of tens of thousands of passports and driving license photographs, which were used for age verification.
5CA also claims that its systems are still secure, and client data is protected. The company goes on to say that it’s also performing its own investigation and working with Discord and experts in cybersecurity on the issue.
Image Credit – Discord
Meanwhile, some early findings suggest that the company wasn’t hacked, says 5CA. However, 5CA also claims that it’s possible that the breach happened from “human error”, but it doesn’t specify more on this, and what it actually means.
Both are pretty much publicly arguing about who’s at fault
Neither Discord’s nor 5CA’s press releases and notices are fixing the situation; we’re obviously talking about two companies trying to control the narrative, or at least trying to deflect blame from the topic. And it’s a serious thing: a data breach with sensitive information happened. And that’s that.
Discord has basically named a company, which seems like a move to limit the damage to Discord’s reputation. Of course, at this point, nobody knows whether Discord is accurate, and 5CA denies the allegations. Of course, we don’t know if 5CA is also telling the truth. We need to wait for a trusted third-party or law enforcement to investigate and figure things out before we make any conclusions.
Another change that Discord made to its initial notice is adding the number of affected users. Initially, the company claimed it was a “limited number of users”, without giving us a direct number, and then a few days later, the figure 70,000 was added to the post. Unfortunately, it’s a serious breach involving images of government-issued IDs. These were sent as part of a process for age-verification appeals. Like many apps, Discord also has to confirm the age of its users to ensure that they are not children viewing prohibited content on the platform.
Discord’s messages or activities of users were not part of the breach.
However, data taken in the breach includes:
- Usernames
- Discord usernames
- Email addresses
- Other contact details given to Discord customer support
- Payment types
- Last four digits of a user’s credit card
- Purchase history
- Messages with customer support
- IP addresses
- “Limited corporate data” such as training materials
Luckily, at this moment, it seems that the data isn’t being sold or used anywhere. However, these details could be used in further hacks or attacks.
Discord is contacting the affected users about the breach, and it should also be explaining to them what data was leaked.
All in all, 70,000 users is still relatively a small number against Discord’s total user base, which is approximately 689 million registered users.
If you’re not directly affected by the breach, keep in mind that you may still experience messages based on that breach. Malicious users may try to use the breach to manipulate you. Keep in mind to always question people you don’t know who are contacting you, don’t open any suspicious links, or download any suspicious files.
Hacks do happen, but this is angering
I find it awful that so much sensitive information has leaked. I’m always hesitant about sending government-issued ID cards and other stuff like that to any type of company, and I’ve actually almost never done that. Yep, companies are secure, but still, you see what can happen.
I hope the affected users get some compensation out of all of this. And it really angers me. 70,000 people are still… well, a huge number of people in my book.
“Iconic Phones” is coming this Fall!
Iconic Phones: Revolution at Your Fingertips is the ultimate coffee table book for any phone enthusiast. Featuring the stories of more than 20 beloved devices, it takes you on a nostalgic journey through the mobile revolution that transformed our world. Don’t miss out—sign up today to lock in your early-bird discount!
#Discords #data #breach #drama #turning #blame #game
