Technology

Discord says only 70,000 government ID photos exposed in third-party service breach, denies 2.1 million figure — says it won't pay $3.5 million ransom and has cut communications with hackers, who are threatening to go public

Source

Tom's Hardware

Published

Oct 9, 2025

TL;DR

AI Generated

Discord clarifies that only around 70,000 government ID photos were exposed in a recent breach of a third-party service, not the 2.1 million claimed by hackers. The company asserts that it will not pay the $3.5 million ransom demanded by the hackers and has ceased communication with them. The breach, which occurred on September 20, involved personal data like contact information, email addresses, and limited payment information being accessed. Discord emphasizes that no passwords or Discord accounts were compromised. The hackers are threatening to release the data publicly if their demands are not met.

Read Full Article

Crucial Taiwan undersea cable severed by old shipwreck — backup microwave communications activated to keep population connected

A shipwreck off Dongyin island in Taiwan has severed the undersea cable connecting it to Beigan Island, prompting the activation of backup microwave communications to maintain connectivity for the 1,500 residents. The Matsu Islands' strategic location near mainland China and the Taiwan Strait makes them crucial for Taiwan's military presence. While this incident was due to natural causes, it underscores Taiwan's vulnerability in its global connections. Recent suspicions of deliberate undersea cable damage by Chinese ships have led Taiwan to increase defensive measures and penalties for sabotage attempts. Despite wireless backups, physical undersea cables remain essential for reliable and high-bandwidth internet connections.

Tom's Hardware•

1 day ago

With $1 Cyberattacks on the Rise, Durable Defenses Pay Off

As cyberattacks that cost as little as $1 become more prevalent, the importance of robust cybersecurity defenses is highlighted. The article emphasizes the significance of writing memory-safe code over relying solely on patching vulnerabilities. Experts Evan Johnson and Justin Cappos from New York University stress the need for durable defenses in the face of rapid and powerful cyberattacks facilitated by large language models like Anthropic’s Claude Mythos. They suggest that a comprehensive approach beyond generative AI is essential for effective cyberdefense.

IEEE Spectrum•

1 day ago

Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden

Security firm Checkmarx has been targeted in a series of supply-chain attacks over the past six weeks, with malware being pushed to customers through compromised accounts. The attacks began with the breach of the Trivy vulnerability scanner, leading to malware being distributed to Checkmarx users. Checkmarx's GitHub account was also compromised, leading to the dissemination of malware to its users. The company faced additional malware pushes, indicating ongoing security challenges. A ransomware group known as Lapsu$ recently dumped Checkmarx's private data on the dark web, suggesting persistent access by attackers.

Ars Technica•

2 days ago

Ransomware accidentally destroys all files larger than 128KB, preventing decryption — VECT code likely partly vibe coded with AI or used an old code base, security researchers suggest

The VECT ransomware, discovered in December 2025, contains a critical bug that turns it into a wiper, destroying files larger than 128KB and preventing decryption. Check Point Research found that the ransomware's flawed programming causes irreversible damage to encrypted files, rendering payment to unlock data ineffective. The ransomware's code also exhibits various other issues, leading researchers to speculate that it may have been partly generated with AI or based on outdated code. Despite these flaws, the group behind VECT appears sophisticated, with multi-platform capabilities and partnerships with other threat actors. The researchers warn that the group could potentially fix these issues and release a more effective version in the future, leveraging its existing distribution system to infect more systems.