Discord is one of the most popular platforms now. It harnessed huge popularity over the years and became the top go-to service for gamers. Unfortunately, with such popularity comes the risk of cyberattack, and that’s exactly what the platform suffered back inMarch.
When a service is used by millions all over the world, it’s bound to end up on the threat actors’ radar. However, this particular breach didn’t occur within the service itself – It happened with a third-party provider.
Malicious actors were able to access the account of an agent of that service provider and exfiltrate support tickets. Now, Discord is notifying all the impacted individuals, and we’re here to explain everything.
Discord Breached… Indirectly!
Data breaches are inevitable. Whether it’s through vulnerabilities, phishing attacks, or even simple mistakes – they’re bound to happen.
According to Discord, this breach occurred after an account of a third-party support agent was compromised. This is not the first time something like this has happened.
A while ago, American Airlines suffered the same fate, when unknown actors compromised the email accounts of a limited number of its team members and managed to harvest sensitive data.
In Discord’s case, the breach also exposed sensitive information included in the agent’s support ticket queue.
This contains user email addresses, and messages exchanged with Discord support, as well as attachments sent within the tickets.
As soon as the incident was discovered, Discord disabled the support account and reached out to all those who were affected by the breach.
According to Discord, 180 users had their sensitive personal information exposed in the attack.
“Discord was made aware of a brief incident that resulted in unauthorized access to a third party customer service agent’s support ticket queue.
Due to the nature of the incident, it is possible that your email address, the contents of customer service messages and any attachments sent between you and Discord may have been exposed.”
The service also prompts its users to remain vigilant when they receive any suspicious messages or emails.
Despite sending the email to only 180+ users, everyone should check their email for any notifications. You might be affected by the attack, which may also result in future malicious endeavors.
A Third-Party Breach Risks it All
When it comes to data breaches, affected users should always be on the lookout for suspicious activities, especially when email addresses are compromised.
Cybercriminals can conduct more attacks, including phishing ones, to benefit even more from the incident.
Discord claims to have over 150 million monthly users, which is quite a big number. Imagine what damage a threat actor can do with so much data. Stay safe.
Tech-guru, avid streamer, and an expert in all kinds of devices and how to set them up. Mark has written numerous guides on how to set up a VPN and proxies on all kinds of devices.
