By 2025, it may seem like cybercriminals are gaining the upper hand, while major corporations are facing significant challenges. A string of data breaches is coming to light, affecting companies across various sectors—from tech giants like Google to luxury brands such as Dior. Recently, Discord, the popular chat platform, acknowledged a breach involving a third-party customer support provider, 5CA. Hackers accessed user data that included names, email addresses, limited billing information, and even government ID images.
Details of the Breach
The breach occurred on September 20 and did not target Discord’s own servers directly. Instead, attackers gained unauthorized entry to 5CA, exposing sensitive data from users who had sought assistance from Discord’s customer service. Although primarily a hub for gamers, Discord’s use has broadened, now accommodating various communities for text, voice, and video interactions. With over 200 million monthly users, the compromised information includes Discord usernames, real names, emails, and even fragments of billing details. Alarmingly, around 70,000 users might have had their government ID photos leaked as part of this incident.
The attackers reportedly aimed to extort a ransom from Discord. Earlier this month, the group known as Scattered Lapsus$ Hunters (SLH) claimed responsibility for the breach, paralleling another incident in which they demanded a ransom for more than a billion Salesforce records.
Response from Discord
Discord disclosed the breach on October 3, thirteen days post-incident. The platform has severed ties with third-party support providers, initiated an internal review by its digital forensics team, and is notifying users affected by the breach. Importantly, they clarified that breach-related communications will only come through their official email, stressing no phone contact would be made. They assured that certain sensitive information, like full credit card numbers and account passwords, remain secure and untouched.
In an effort to address misinformation regarding the breach, a Discord representative emphasized that this was not a failure on Discord’s part, but rather an issue with their vendor. They also countered claims of inflated numbers concerning affected accounts, stating that around 70,000 users were indeed impacted. The company is working diligently with law enforcement and data protection authorities, reinforcing security measures with third-party vendors.
Protecting Your Data
For users concerned about their data exposure, here are several steps to boost security:
1) Enable Two-Factor Authentication
Activating two-factor authentication (2FA) adds an extra step for logging in, making it significantly harder for anyone to gain unauthorized access. Discord supports 2FA through apps or SMS, providing a code whenever you log in from a new device.
2) Use Personal Data Deletion Services
Minimizing the amount of personal information available online can help ward off attackers. Examine what you’ve shared and consider services that help remove information from data broker sites, thereby complicating efforts for identity theft.
3) Utilize Strong, Unique Passwords
Avoid reusing passwords across different platforms, as this can lead to multiple accounts being compromised. Using a password manager can help generate and safely store complex passwords for various accounts.
4) Regularly Monitor Your Accounts
Keep an eye on your email and login history for any unusual activity. Identity theft protection can help by scanning the dark web for your credentials and alerting you if they surface.
5) Be Wary of Suspicious Emails and Links
Phishing threats are likely to rise following breaches. Always verify senders and do not click on unknown links. Ensure you have robust antivirus software to safeguard against malware.
6) Keep Software Updated
Make sure your operating system and applications are always updated, as attackers often exploit known vulnerabilities in outdated software.
Conclusion
Recent breaches illustrate how third-party services can become significant points of vulnerability for businesses. Although Discord is taking steps to manage the fallout of this incident, it highlights a broader issue—many companies lack adequate safeguards to protect user data. The weak oversight and slow response from third-party providers can put personal information at risk, underscoring the need for stricter security measures.
