Discord revealed details of the leak of users' government documents — it could affect about 70 thousand people
Discord has addressed a recent security incident, refuting exaggerated claims by a hacker group that over 2 million user documents were stolen. The company confirmed that a data breach at a third-party vendor potentially impacted approximately 70,000 users, not millions.
The Real Story: A Third-Party Breach
The incident, first reported in early October, did not originate from a breach of Discord's own infrastructure. Instead, attackers compromised a service provider that Discord used for user support. Following the breach, a hacker group claimed to have stolen 1.5 TB of data and attempted to blackmail the company.
The attackers are spreading false information about the scale of the breach to extort the service. The company has categorically refused to pay the ransom, stating it will not reward criminal activity.
Discord's Response and Next Steps
Discord has taken immediate and decisive action to address the situation and protect its users:
- Notified Users: All potentially affected users have been directly informed about the incident.
- Secured Systems: The company has secured the compromised systems and terminated its partnership with the breached service provider.
- Collaboration: Discord is actively working with law enforcement, data protection authorities, and external security experts to investigate the matter thoroughly.
This incident highlights the persistent security risks associated with third-party vendors, underscoring the importance of vetting and monitoring external partners, even when a company's core systems remain secure.