Discord Data Breach: Sensitive User Info Exposed, Hackers Demand Ransom
Discord, the popular communication platform, has suffered a data breach affecting a limited number of users. The attack, which occurred on September 20, 2023, was carried out by a group known as 'Scattered Lapsus$ Hunters' (SLH) through a compromised third-party service, Zendesk.
The breach exposed sensitive user data, including full names, usernames, email addresses, IP addresses, messages, and file attachments from support communications. For a smaller subset of users, photos of government-issued ID documents and partial payment information were also compromised. Discord swiftly responded by blocking the affected service provider's access, launching an investigation, engaging a security firm, and alerting law enforcement.
The hacker group published an image displaying an access control list from Kolide, revealing Discord employees with admin access. They demanded a ransom from Discord in exchange for not publishing the stolen information.
Discord has taken immediate action to mitigate the breach and protect its users. The compromised data, while sensitive, does not appear to include financial information or passwords. Users affected by the breach will be notified directly by Discord. The company continues to investigate the incident and urges users to remain vigilant about their online security.