Discord says that approximately 70,000 users may have had their government ID photos exposed as part of a data breach of a third-party service.
Discord has identified approximately 70,000 users that may have had their government ID photos exposed as part of a customer service data breach announced last week, spokesperson Nu Wexler tells The Verge. A tweet by vx-underground said that the company was being extorted over a breach of its Zendesk instance by a group claiming to have “1.5TB of age verification related photos. 2,185,151 photos.”
When we asked about the tweet, Wexler shared this statement:
Following last week’s announcement about a security incident involving a third-party customer service provider, we want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions.
All affected users globally have been contacted and we continue to work closely with law enforcement, data protection authorities, and external security experts. We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause.
In its announcement last week, Discord said that information like names, usernames, emails, the last four digits of credit cards, and IP addresses also may have been impacted by the breach.
Change Healthcare updated filings with the federal government to warn that about 100 million people had information accessed by hackers during a ransomware attack in February.
The Department of Health and Human Services’s (HHS) Office for Civil Rights said Change Healthcare notified them on October 22 that “approximately 100 million individual notices have been sent regarding this breach.”
The personal information of a million individuals was leaked online following a ransomware attack that in June hit NHS hospitals in London.
A hacker in El Salvador has released detailed information, including full names, birthdays, phone numbers, and social security numbers.
In a major digital security breach, a website is offering personal data about Turkish citizens including President Recep Tayyip Erdogan that appears to have been stolen by hackers from a government services website.
The Dig research team reveals recently discovered critical vulnerability in GCP CloudSQL service that lead to internal container access and data exposure
The startup shared millions of patients' personal information and health data with Google, Facebook, and TikTok.
Credit Suisse is telling its clients that sensitive personal information including social security identification and contact details has been compromised.
The Information Commissioner’s Office (ICO) has issued a reprimand to the Department for Education (DfE) following the prolonged misuse of the personal information of up to 28 million children.
An ICO investigation found that the DfE’s poor due diligence meant a database of pupils’ learning records was ultimately used by Trust Systems Software UK Ltd (trading as Trustopia), an employment screening firm, to check whether people opening online gambling accounts were 18.
Hackers are stealing PII to apply for remote jobs and then using deepfakes to pass the interview.
