It literally says in the e-mail pictured they used ChatGPT to summarize the data. It says they used the stolen OpenAI key from Avnet

People messaging me like, "yo dat looks like chatgpt"

When you have enough computers you don't need a heater. It's like, 45f outside (7c) and my office is 75f (23c).

Chat, we are cooked

Discord is being extorted by the people who compromised their Zendesk instance

They've got 1.5TB of age verification related photos. 2,185,151 photos

tl;dr 2.1m Discord users drivers license and/or passport might be leaked. Unknown number of e-mails

BREAKING

The United States Federal Bureau of Investigation has released new photographs of a recent arrest of an international wanted Threat Actor

Yesterday I briefly spoke with the Threat Actor(s) responsible for compromising Discord's Zendesk.

They said they were able to compromise Discord Zendesk by compromising a "BPO Agent" (outsourced support).

They never specified how they compromised them.

Of course, as is tradition, it is also entirely possible they're lying and they compromised their helpdesk system in some other way. It's not uncommon for Threat Actors to lie to obfuscate how they achieved access.

Interesting times

Dawg, I'm trying to fucking work and I've got notifications about the Salesforce compromise, the RedHat compromise, the Discord compromise, this fucking Asuraisjfjsjfiw botnet fucking DDoS shit going on

Threat Actors, will you CHILL THE FUCK OUT. God damn

I can't sit down for 2 seconds without some crazy shit happening the past few days. One of y'all's mfers needs to hit the pause button or something wtf bro

I'm on mobile, but if I had an angry cat picture readily available I'd post it

Thank you, Riverbank, for sending me an angry cat picture. But it's too late. No one gets a cat picture

Bro, I've got people messaging me saying they're worried they're in the Discord leaks and if their photo and/or drivers license is leaked they're going to kill themselves because it'll out them for being gay, or it'll potentially expose them to stalkers again

Wtf

This Discord Zendesk compromise has gotten more silly.

Previously, the Threat Actors responsible for the Discord Zendesk compromise claimed they had gotten access by compromising a BPO (Business Process Outsource) employee.

They were not lying.

It turns out that in August the Threat Actors who compromised Discord began sending emails to Discord outsourced employees offering them money in exchange for access to Discords internals.

The people they emailed was a very small team located in Southeast Asia. This particular office only has a handful of employees assigned to working Discord helpdesk (including age verification). This team is assigned to primarily handle back log work. This team had a great deal of access and were believed to be "trusted".

One of the emails this small team received offered $500 compensation to prove they're a Discord BPO employee. They offered an additional "several thousand dollar" lump sum payment in exchange for giving them access.

The Discord BPO employees were told to ignore the emails. Unfortunately, it appears one of these BPO employees did not ignore the emails and accepted the bribe.

$500 in this Southeastern Asian country is an astronomical amount of money. The "several thousand dollar" lump sum payment would be enough for this person to live comfortably for several years in their country.

BreachedForum-dot-hn, the latest incarnation of Breached, has been seized by the United States Federal Bureau of Investigation.

It wasn't even alive for a month. God damn. FBI moving fast

It should be noted this is not the first time Insider Threats have damaged a company. Most notably, Coinbase had a problem with a BPO accepting bribes to get access to Coinbase internals.

Likewise, ransomware groups have historically looked for Insider Threats to get access

Chat, it's been another wonderful week of internet schizophrenia.

Will the Discord Zendesk nerds drop more data and cause more drama? What will happen to the BreachForum domain now that it's been seized? Will a new one appear? What the fuck happened to that RedHat data? How did the FBI seizure Breached so fast? Who is doing these massive DDoS attacks? How did the NCA UK arrest the pre school ransomware Threat Actors so fast? I had 12 tacos covered in hot sauce and my tummy hurts. Will I ever learn?

Find out next time on Dragon Ball Z

I just learned it's Thursday, not Friday

Shuffle, the cryptocurrency based online casino, announced a security breach as a result of a 3rd party being compromised.

The 3rd party which was compromised is Fast Track. Fast Track is a CRM (Customer Relation Software) for managing things such as customer support tickets.

Shuffle has stated the 3rd party compromise has resulted in the exfiltration of the following data:
- Email
- Name (Full name not specified)
- Addresses (Unspecified in crypto address or physical)
- Transactions (Unspecified historical or specific)
- Bet data

This is eerily similar to the recent Discord Zendesk 3rd party compromise.

Dawg, if it comes out that this online casino was compromised as a result of an Insider Threat (bribery), I'm going to lose my mind

Whoa whoa whoa. Interesting update.

Yesterday Discord silently updated their breach notification press release.

They name dropped the BPO.

Why? 🤔

https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service

Part of me wonders if since I posted the compromise was the result of a BPO they decided to release more details on it.

Or maybe it's completely unrelated and just a coincidence, but it was unveiled at the same time

Probably just a coincidence, but I like to hope