Discord Responds To 3rd-Party Data Breach Claims, Rejects Hacker Ransom Demand
Specifically, the hackers are claiming that they are in possession of data belonging to 5.5 million users, 2.1 million of which have had photos of their government issued IDs stolen. Discord, however, is pushing back on these claims, saying that “of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed.” There's a difference of two orders of magnitude in those two numbers.
Assuming Discord is being honest, this is likely a pressure tactic being deployed by these threat actors, who say that they attempted to come to an agreement with the company for a ransom payment. However, the talks apparently broke down after a few days, leading to the attackers go public with the situation. Despite this pressure, Discord is adamant it won’t be coughing up any cash, saying that “we will not reward those responsible for their illegal actions."
Unfortunately, this all stems from Discord collecting this kind of data for age verification checks necessary in certain jurisdictions. Security experts warned that these types of scenarios would be more likely to occur, as hackers now know that companies might have vast stores of this type of sensitive personal information, making them tempting targets for malicious groups or individuals.
Data breaches like this one are almost assuredly going to become commonplace as more governments decide that companies need to conduct age verification checks. Companies will continue to claim that this data will be handled in a safe manner, but it seems inevitable that there will be a weak link somewhere in the process that can be exploited by those with malicious intent.
