Discord Third-Party Vendor Allegedly Hacked: 70,000 IDs Stolen

Online services often rely on third-party services to ensure their services continue without a hitch. From servers to security providers, these online services ensure these websites work as expected without any hitch.

However, there is an intrinsic challenge to relying on third-party services. These third-party services are also vulnerable to attacks. If they do not implement proper security measures against cyberattacks, their company and their customers will be compromised.

An example of this problem is the recent cyberattack against a company that specializes in user age verification. According to a BBC report, “Discord, a messaging platform popular with gamers, says official ID photos of around 70,000 users have potentially been leaked after a cyber-attack.”

Aside from photos, the attack also stole other users’ personal information, including their names, emails, and other related contact details. Even the IP address and customer service conversation were also stolen.

A press release from Discord acknowledged the cyberattack and launched an internal investigation. They are also working with law enforcement, as well as “in the process of emailing the users impacted.”

The attack was perpetrated by a group calling themselves the Scattered Lapsus$ Hunters. The target was 5CA, the third-party provider for Customer Service and Trust and Safety on Discord. According to Bitdefender, they successfully stole around 1.6 terabytes of data. Curiously, 5CA denied they were actually hacked, but Discord already released a statement advising its users about the attack.

Security Concern Raised

One of the biggest concerns of this attack is the stolen official ID photos. For context, the UK requires users to prove their age under the Online Safety Act. Proving their age can be done by uploading an official ID or taking a video selfie.

Stolen official ID is very dangerous because it displays sensitive information that can be used for nefarious purposes. A person whose personal information is stolen could be a target for identity theft, phishing, and other types of scams.

Stealing IP Addresses

Stealing sensitive and personal information can lead to different types of scams and criminal activities. Stolen IP addresses also cause additional security concerns.

Hackers can target a specific IP address to steal more than just personal information. Photos, videos, passwords, and banking information could be stolen from unsuspecting users when they are targeted through their IP address. These hackers use the IP address to scan for any form of security vulnerability to run an exploit. They could monitor every network activity without being detected.

IP addresses are also used in massive DDoS attacks to take down large websites and other essential services. These stolen IP addresses are used for IP spoofing, bypassing security checks by masking their true IP address.

Protecting Your Personal Information Online

Due to the massive security breach, it’s essential to be alert against this type of attack. Discord users, especially those from the UK, should be vigilant against phishing and scam emails. Since identity theft is a possibility due to stolen IDs, Discord users should actively monitor their online transactions and credit ratings. Other security measures, such as replacing passwords in Discord and using multi-factor authentication, should be implemented as soon as possible.