Search the Community

It seems that Discord has been in the news for one reason or another lately, ranging from layoffs to massive privacy breaches and information theft by third parties. And now there’s something new on the horizon — one that may not seem like such a huge deal now but could cause massive issues later on down the line for Discord users. Discord has recently updated its forced arbitration clause in its Terms of Service for its service for US residents, a decision that follows many other corporations that operate primarily in the US. According to the clause, any users who reside in the US waive their right to a jury trial, which includes any class action suits: (Image credit: Future) But why would Discord bother to update its TOS now? The answer likely lies in the other troubles Discord has found itself in lately, concerning the harvested information and chats from the service. Recently a publically accessible website has been discovered aggregating billions of Discord chats and is set to sell that data to the highest bidder. And back in January 2024, Discord bots were found to have been used in information-stealing campaigns. There’s also the fact that, according to its own policies, Discord itself has full authorization to create data profiles on users and sell them to third parties as it sees fit. Discord is doing a disservice to its users with its updated TOS Discord responded that it was investigating these breaches but they’ve been ongoing for years now, since at least 2020. And instead of fully investing in addressing them and properly safeguarding user data, the service instead decides to ensure that US users can’t exercise their right to jury trial. Forced arbitration strips the collective legal rights of users, allowing corporations to wield their full legal strength against mere individuals with far less power. This essentially means that Discord has chosen to protect itself instead of its US user base. It’s allowing bad actors to run rampant throughout its service and then disallowing those same users the right to collectively demand accountability for having their private data repeatedly stolen and sold. One could even assert that this is preparation to allow Discord to expand its own data collection with impunity, as users in the US would have little legal recourse to challenge that as well. If that’s not a massive alarm bell as for what’s to come in the future, then none else exists. What you can do about it For an email template:"I DO NOT AGREE TO THE AGREEMENT TO ARBITRATE FOR THE ACCOUNT(S) LISTED/DESCRIBED BELOW:, and in the event I should change my username or discriminator, "get your ID by enabling dev mode & right clicking your profileApril 18, 2024 See more There is an important step you can take right now, however, to make it clear that you’re not waiving your right to a jury trial. According to the TOS, you may opt out of this forced arbitration clause by “emailing an opt-out notice to arbitration-opt-out@discord.com within 30 days of April 15, 2024 or when you first register your Discord account, whichever is later.” Twitter / X user @guldeuxchats has provided an excellent template that you can use to write out your email. You can also obtain your Discord user ID number by enabling developer mode in the Discord settings and include that in your email. This is handy in case you ever change your username and need to permanently reference your account for your records' sake. If enough people in the US opt out of this clause before the deadline and spread this information around, then it could send a message to Discord to get its priorities straight and protect its user base — the same userbase that has contributed to the growth of this service in the first place. It’s not like this is the first time Discord has been forced to walk back massive privacy concerns either. The service previously landed itself in hot water when it erased entire sentences from its privacy policy that explicitly protected users from having voice and video chats scraped for data. But thanks to enough public pushback, those protections were reinstated again. Now it's time to do it again. View the full article

It’s rare to see a data breach study observers call a “mixed bag.” Normally, reports on data breaches are grim, touting how each year was a record high for the number of data breach incidents and victims, so when one of those figures goes down, it’s as close to good news as you might get. […] The post Roku experiences another data breach; Apple notifies users about mercenary spyware attacks appeared first on BlackCloak | Protect Your Digital Life™. The post Roku experiences another data breach; Apple notifies users about mercenary spyware attacks appeared first on Security Boulevard. View the full article

AT&T has initiated a mass reset of millions of customer account passcodes following a reported data breach. The post Millions Impacted in Mass Passcode Reset of AT&T Accounts appeared first on Enzoic. The post Millions Impacted in Mass Passcode Reset of AT&T Accounts appeared first on Security Boulevard. View the full article

American telecommunications behemoth AT&T has finally confirmed the authenticity of the 2021 data breach that spilled sensitive user information on the dark web, and has initiated a mass reset of user passcodes. Roughly three years ago, privacy blog RestorePrivacy broke the news of a hacker selling sensitive data belonging to more than 70 million AT&T customers. The data allegedly contained people’s names, phone numbers, postal addresses, email addresses, social security numbers, and dates of birth. While AT&T initially denied the breach, saying the data wasn’t from the company, the hacker, going by the name “ShinyHunters” said the organization will likely continue denying until they leak it all. Mass reset Surely enough, last month, a seller published the full database, affecting 73 million people - and TechCrunch analyzed the database, confirming its authenticity, and also establishing that it contained user passcodes, prompting a swift alert towards AT&T. Passcodes are four-digit numbers that work as the second security layer, and are used to access user accounts. Even though they were encrypted, some researchers argued that it is something that can be worked around. Apparently, there is not enough randomness in the encrypted data, which means that in theory, a threat actor could guess the passcode. It seems the threat is more than just theoretical, as AT&T initiated a mass-reset of the passcodes over the weekend. “AT&T has launched a robust investigation supported by internal and external cybersecurity experts,” the company said in a statement published on Saturday. “Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.” “AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set,” the statement said. While the telco did confirm the breach, it says that it still doesn’t know where the data came from, whether it was directly from its servers, or from its vendors. More from TechRadar Pro Hot Topic confirms multiple new cyberattacks — customer details and payment info exposed onlineHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article

In a high severity data breach totaling 10,000,000+ files, Prestige Software, a hotel reservation platform based in Spain, exposed the banking details of over a million customers. This company provides automated online booking services to customers looking to reserve hotels for their next vacation or work trip. View the full article