Discord is, without a doubt, the most popular messaging app for gamers. This popularity has its advantages, but it also has drawbacks, especially when utilized maliciously. The platform was used in the past by threat actors to promote “Fake” webpages hosting malware. Now, Discord itself has suffered a huge data breach.
The voice, video, and text chat app is a safe place for gamers to exchange ideas and call each other while playing. However, based on what we’ve seen, a simple mistake can cause a lot of damage.
Apparently, the threat actors were able to compromise an account of a third-party support agent, which led to this breach. How did this happen? How impactful was it? We’ll shed more light on the matter below.
Discord Breach: Account Disabled, Damage Done
Data breaches have been occurring very frequently in the past few months. Major companies around the world are falling victim to malicious practices, losing and risking a lot in the process.
The bigger the company, the more of an impact a breach could have. For example, last week, we witnessed an attack that targeted Brightly’s SchoolDude cloud-based platform.
Another one targeted Capita, and the company is still investigating the incident till now. The stolen data from these companies can be utilized in future attacks such as phishing and smishing if emails and phone numbers are compromised.
Now, Discord joins the mix, and cybercriminals were able to infiltrate a third-party support agent’s account.
This led to the exposure of the agent’s support ticket queue, allowing full access to user email addresses, attachments sent in tickets, as well as messages exchanged with Discord support.
Discord did disclose the breach and sent notices to all the affected users. Here’s what the letter had to say:
Discord was made aware of a brief incident that resulted in unauthorized access to a third party customer service agent’s support ticket queue.
Due to the nature of the incident, it is possible that your email address, the contents of customer service messages and any attachments sent between you and Discord may have been exposed to a third party.
As soon as Discord was made aware of the issue, we deactivated the compromised account and completed malware checks on the affected machine.
We have also worked with our customer service partner to improve their practices and help prevent these types of incidents from happening in the future.
While we believe the risk is limited, it is recommended that you be vigilant for any suspicious messages or activity, such as fraud or phishing attempts.Source: SplineStein
Discord is huge, and it has over 19 million active servers used on a weekly basis. A small breach can cause a lot of damage, especially when it comes to its users’ privacy.
Those affected by the breach should keep an eye out for any suspicious activity. Emails are among the data, which means that phishing attempts are likely to occur.
Another Day, Another High-profile Breach
Discord is one of the most well-known VoIP and instant messaging social platforms in the world. With over 196.2 million monthly active users, the platform has solidified its place among the giants.
With great power comes great responsibilities, and Discord has a lot to deal with when a breach occurs. Too much data is at risk, be careful.
We highly recommend you remain vigilant when handling emails. You never know when it might be a phishing attempt.