Discord has spoken out after a recent breach of a "third-party service," thought likely to be Zendesk's support system, stating that around 70,000 government ID photos may have been exposed; rather than the 2.1 million that hackers claim. It also made it clear that Discord itself wasn't breached, and that regardless of what the hackers claim, it won't be paying out any ransom demands, according to BleepingComputer.
The breach occurred on September 20, with the hackers claiming to have used the Zendesk support system to gain access to personal data like contact information, email addresses, real names, some limited payment information, and government ID documents used for authentication. No passwords were compromised, nor Discord accounts themselves, but personal information was extracted, and the hackers wanted a payout to prevent them from releasing it.
That's not going to happen, though, as Discord told BleepingComputer in a statement that "We will not reward those responsible for their illegal actions," making it clear it won't be paying any ransoms.
It also pushed back on claims from the hackers that over two million government ID photos had been stolen in the hack.
"First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts," Discord said in a statement. "Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals."
The hackers allege the breach was far worse than Discord is claiming, though. In a chat with BleepingComputer, those responsible suggest they were able to access over 8.4 million support tickets affecting over 5.5 million unique users. However, they did admit that the original 2.1 million government ID number may have been overblown. It's more than 70,000, they claim, with over 521,000 age verification support tickets in their collection.
These claims can't be verified, even though BleepingComputer was allegedly shown some of the stolen data as proof of their veracity. The group initially demanded $5.5 million from Discord to delete the data, though it has now reduced that to $3.5 million following private discussions with Discord over the past few weeks.
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Discord has since cut all communications with those responsible, and the hackers are now threatening to leak the data publicly if their demands are not met.
Follow Tom's Hardware on Google News, or add us as a preferred source, to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button!
1 day ago
4
English (US) ·