Customer service company 5CA has denied being responsible for the recent Discord data breach after it was named in the communication platform’s disclosure of the incident.
Discord informed users on October 3 that some of them may have had their information compromised as a result of a cybersecurity incident related to a third-party customer service system.
The company said hackers may have obtained information such as name, username, email address, limited billing information (payment type and last four payment card digits), IP addresses, messages exchanged with customer service agents, limited corporate data, and a “small number of government-ID images”.
In an update posted roughly one week later, Discord said its own systems were not breached and blamed the incident on 5CA, which supports its customer service efforts.
5CA responded to the accusations on Tuesday, saying that none of its systems were involved, and pointing out that it has not handled government IDs for Discord.
“All our platforms and systems remain secure, and client data continues to be protected under strict data protection and security controls,” 5CA stated.
“Based on interim findings, we can confirm that the incident occurred outside of our systems and that 5CA was not hacked. There is no evidence of any impact on other 5CA clients, systems, or data,” 5CA said.
“Our preliminary information suggests the incident may have resulted from human error, the extent of which is still under investigation,” the company added.
It has been reported that the hackers targeted a Zendesk instance. 5CA indeed uses Zendesk solutions to provide customer support services. However, Zendesk told SecurityWeek last week that the incident does not involve a vulnerability in its products, nor a compromise of its systems.
A group of unnamed hackers has taken credit for the attack, claiming to have obtained 1.5 TB of photos submitted to Discord for age verification, specifically more than 2.1 million government-issued IDs. However, Discord says only 70,000 users had government IDs compromised.
The hackers were reportedly trying to extort Discord, but it does not seem that the company is willing to pay up.
Related: Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack
Related: SimonMed Imaging Data Breach Impacts 1.2 Million
Related: Extortion Group Leaks Millions of Records From Salesforce Hacks
