Third-party breach hits Discord

HackRead reports that popular instant messaging and VoIP social platform Discord had its users' data compromised following a cyberattack against a third-party customer service provider, which the hacking conglomerate Scattered Lapsus$ Hunters claimed to be Zendesk.

Infiltration of the third-party's systems allowed threat actors to pilfer information from individuals who had communicated with Discord's Customer Support or Trust & Safety teams, including their names, usernames, email addresses, and other contact information, as well as their messages, payment methods, and credit cards' last four digits, according to Discord, which also noted the limited exposure of users' government-issued ID images.

A spokesperson for Zendesk told SC Media Oct. 7 that an investigation indicated the incident did not arise from a vulnerability within Zendesk's platform and that its systems were not compromised.

Aside from promptly removing the third-party firm's ticketing system access, Discord which reassured its users of the safety of other sensitive data has also sought external assistance for remediation efforts. However, Discord's security measures have been scoffed at by Scattered Lapsus$ Hunters, which threatened further info exposure on their data leak site.

Such a development comes after Discord had its Content Delivery Network targeted in an August malware campaign, as well as being spoofed for Epsilon Red ransomware distribution in July.