5CA denies third-party Zendesk platform was cause of Discord breach
Third-party provider 5CA has told Discord to stop blaming the Zendesk partner company for last week's hack of the messaging platform. The hack reportedly exposed the personal data of 5.5 million users, including over 70,000 government IDs.
“We are aware of media reports naming 5CA as the cause of a data breach involving one of our clients,” the global customer services tech provider said in a statement on its website on Tuesday.
“Contrary to these reports, we can confirm that none of 5CA’s systems were involved,” adding that “all its platforms and systems remain secure, and client data continues to be protected under strict data protection and security controls.”
However, 5CA did say that preliminary findings suggests “the incident may have resulted from human error.”
The Netherlands-based Work-From-Home CX tech provider did not name names, but is obviously referring to an October 5th compromise of Discord servers. Discord publicly blamed the breach on a hack of 5CA systems, which uses Zendesk software for its third-party offerings.
Drawing the blame card
Discord, at first, did not flat-out name 5CA as the hacked third party, but the Zendesk Customer Relationship Management (CRM) platform it provides was identified as the source by the hacker group – Scattered LAPSUS$ Hunters – which claimed responsibility for the breach soon after.
The notorious Salesforce hacker gang reportedly told Bleeping Computer last Wednesday it had gained access to Discord’s Zendesk instance for 58 hours starting September 20th, stealing 1.6TB of customer data, impacting about 5.5 million users.
Curious what others think about this story? Contribute your thoughts to the debate below.
Discord, which eventually named 5CA as the third party in its own statement last week, had made clear that its servers had not been breached, but did admit that the government IDs of at least 70,000 Discord users had been exposed.
The IDs were submitted to Discord by users as part of the platform’s age verification proof process.
“Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals,” Discord said.
5CA clearly states, “based on interim findings, the incident occurred outside of our systems and that 5CA was not hacked.” Furthermore, the tech company revealed it found no evidence that any other 5CA clients, systems, or data had been impacted.
5CA said it is presently “conducting an ongoing forensic investigation into the matter and collaborating closely with our client, as well as external advisors, including cybersecurity experts and ethical hackers… and will share verified findings once confirmed.”
As a result of the alleged incident, 5CA said it would be scrutinizing all "access controls, encryption, and monitoring systems" as a precautionary measure moving forward.
Meanwhile, Scattered LAPSUS$ Hunters, which last week said it had not counted the number of IDs it had stolen, noted that it has about 521,000 age-verification tickets in its possession, a far cry from the 70K Discord revealed in its update.
Overall, the stolen data, which includes roughly 1.5TB of ticket attachments and 100GB of ticket transcripts, is reported to consist of 8.4 million tickets. The hackers also exposed partial payment information for about 580,000 users.
The ransomware cartel had also reportedly told Bleeping Computer that it had broken into Zendesk’s support application “Zenbar” to carry out the hack, allowing the bad actors to “perform various support-related tasks, such as disabling multi-factor authentication and looking up users’ phone numbers and email addresses.”
Zendesk, in a statement sent to Cybernews, has reiterated that the “‘Zenbar’ application is not a support application developed or maintained by Zendesk, but was built by Discord for their own use and is not made available by Zendesk for use by other customers.”
