Users of Discord have been informed of a data breach that was caused after a threat actor got unauthorized access to the support request queue of a third-party customer care representative. The incident was brought to users’ attention by the messaging platform Discord.
A letter that was sent to users who were affected by the issue said, “Due to the nature of the incident, it is possible that your email address, the contents of customer service messages, and any attachments sent between you and Discord may have been exposed to a third party.”.
The well-known messaging platform said that as soon as it found the problem, it immediately terminated the hacked account and carried out malware tests on the person’s device.
“We have also worked with our customer service partner to improve their practices and help prevent these types of incident from happening in the future,” Discord said further.
“While we believe that the risk is relatively low, it is important that you remain on the lookout for any messages or activities that might be suspicious, such as attempts at fraud or phishing.”
This is not the first time that hostile actors have attempted to compromise the Discord server. It revealed a new multi-function virus in 2021, which was meant to misuse basic functionality on the platform and transform PCs that were the target of the attack into dangerous bots.
The same research also indicated that malicious actors have attempted to utilize Discord as a file hosting service.
It is anticipated that Discord’s user base would reach approximately 200 million monthly active users by the end of 2023. This will make it an increasingly appealing target for attackers since it will have a large number of potential users.
The network is especially well-liked among members of the gaming community, and it is believed to have been the initial location where Jack Teixeira, who is accused of leaking confidential information from the Pentagon, started distributing classified military data.
In addition, Discord mentions that it collaborated with the third-party supplier that was compromised in order to “improve their practices” and contribute to the prevention of future attacks of a similar kind. Although the firm has not disclosed which service provider was hacked, several users have speculated that the culprit may have been Zendesk, which is well known to be used by Discord for the management of support issues.
It is unknown how many people who have filed support requests may have had their personal information compromised as a result of the data breach.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.