Discord Breached After Service Agent Targeted

Written by

Discord has notified users of a data breach that occurred when a threat actor gained unauthorized access to the support ticket queue of a third-party customer service agent.

“Due to the nature of the incident it is possible that your email address, the contents of customer service messages and any attachments sent between you and Discord may have been exposed to a third party,” read a message seen by Infosecurity and sent to impacted users.

Read more on supply chain breaches: Just 3% of UK Firms Escaped a Supply Chain Breach in 2021.

The popular messaging platform said that as soon as it discovered the issue, it deactivated the compromised account and completed malware checks on the individual’s machine.

“We have also worked with our customer service partner to improve their practices and help prevent these types of incident from happening in the future,” Discord continued.

“While we believe the risk is limited, it is recommended that you be vigilant for any suspicious messages or activity, such as fraud or phishing attempts.”

This is not the first time Discord has been targeted by malicious actors. In 2021, Infosecurity reported new multi-function malware designed to abuse core functions on the platform and turn targeted machines into malicious bots.

The same report revealed attempts to use Discord as a malicious file hosting service.

It is expected that Discord’s user base will reach nearly 200 million monthly active users by the end of 2023, making it an increasingly attractive target for attackers.

The platform is particularly popular with the gaming community and is thought to have been the first place where suspected Pentagon leaker Jack Teixeira began sharing classified military documents.

The number of users impacted by the recent supply chain breach is unclear.

Editorial image credit: Ink Drop / Shutterstock.com

What’s hot on Infosecurity Magazine?