Customer service support company 5CA has released a statement contradicting claims by Discord that it was the victim of a hack last month. On October 3, Discord disclosed a data breach that the company says included a “small number” of government IDs like driver’s licenses and passports, which some users had submitted to verify their ages. Days later the company updated its statement to name 5CA as the target of the hack, which Discord contracts as part of its customer service efforts. It also disclosed that the “small number” of government IDs encompasses roughly 70,000 users.
“We are aware of media reports naming 5CA as the cause of a data breach involving one of our clients. Contrary to these reports, we can confirm that none of 5CA’s systems were involved, and 5CA has not handled any government-issued IDs for this client. All our platforms and systems remain secure, and client data continues to be protected under strict data protection and security controls,” the company’s statement reads in part. The company goes on to explicitly state “the incident occurred outside of our systems and that 5CA was not hacked.”
5CA says that a preliminary investigation showed that the incident may have been the result of “human error,” though it offers no details as to what exactly that implies. In a recent interview with BleepingComputer, the hackers who claimed responsibility for the breach said they had access to Discord’s Zendesk account for 58 hours on September 20. The group claims they gained entry through compromised login credentials belonging to a support agent employed by a third-party company. Discord has not yet responded to the company’s claims.
Update 2:58 PM ET: Added more context about the breach.
