One of Discord's third-party customer service providers has been infiltrated by an unauthorized party who was able to gain access to users' information. Discord said it recently discovered the incident, which took place on September 20. The compromised data includes a "small number" of government IDs like driver's licenses and passports, which some users may have submitted to verify their ages. To be clear, Discord itself wasn't hacked, and you would only be affected by the data breach if you've ever communicated with the messaging service's Customer Support or Trust & Safety teams. That also means the bad actors didn't get access to your messages within the service, just whatever you may have communicated with customer support.Discord has been sending out emails to people affected by the breach, even those who have no accounts but have contacted their support teams for any reason. In the email, the service said that the compromised information may include your real name, your username if you have one, your email and other contact details, the last four digits of any credit card associated with your account and your IP addresses. The service will also specify in the email it sends you if any ID you'd submitted has been compromised, which puts you at higher risk of identity theft than other users. Discord clarified that the breach would not have compromised your full credit card number, your physical address and your password.The service said it quickly revoked the provider's access to its system after learning about the breach and notified law enforcement of the incident. It also said that it will "frequently audit [its] third-party systems" to ensure they meet Discord's standards.This article originally appeared on Engadget at https://www.engadget.com/apps/discord-users-ids-and-data-compromised-in-customer-service-provider-hack-140053655.html?src=rss

Customer service support company 5CA has released a statement contradicting claims by Discord that it was the victim of a hack last month. On October 3, Discord disclosed a data breach that the company says included a small number" of government IDs like driver's licenses and passports, which some users had submitted to verify their ages. Days later the company updated its statement to name 5CA as the target of the hack, which Discord contracts as part of its customer service efforts. It also disclosed that the "small number" of government IDs encompasses roughly 70,000 users."We are aware of media reports naming 5CA as the cause of a data breach involving one of our clients. Contrary to these reports, we can confirm that none of 5CA's systems were involved, and 5CA has not handled any government-issued IDs for this client. All our platforms and systems remain secure, and client data continues to be protected under strict data protection and security controls," the company's statement reads in part. The company goes on to explicitly state "the incident occurred outside of our systems and that 5CA was not hacked."5CA says that a preliminary investigation showed that the incident may have been the result of "human error," though it offers no details as to what exactly that implies. In a recent interview with BleepingComputer, the hackers who claimed responsibility for the breach said they had access to Discord's Zendesk account for 58 hours on September 20. The group claims they gained entry through compromised login credentials belonging to a support agent employed by a third-party company. Discord has not yet responded to the company's claims.Update 2:58 PM ET: Added more context about the breach.This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/the-company-discord-blamed-for-its-recent-breach-says-it-wasnt-hacked-175536278.html?src=rss