Discord reveals data breach after worker hack - is your account affected?

(Image credit: Pixabay)

Top streaming service Discord has suffered a minor cybersecurity incident in which potentially sensitive and personal user data was exposed. 

In a letter sent to users seen by BleepingComputer, the company revealed unnamed threat actors managed to compromise an account belonging to a third-party support agent, gaining access to the agent's support ticket queue, which included some personally identifiable information such as user email addresses. 

Furthermore, any messages the users may have exchanged with the support agent, as well as any attachments they may have sent, could also have been accessed. 

Emails exposed

In a notification issued after the incident, Discord said it moved swiftly to disable to account and minimize the damage: 

"Due to the nature of the incident, it is possible that your email address, the contents of customer service messages and any attachments sent between you and Discord may have been exposed to a third party," the company said.

"As soon as Discord was made aware of the issue, we deactivated the compromised account and completed malware checks on the affected machine."

While there was no word on the name of the third-party partner whose employee was targeted, Discord said it helped that entity implement new features that should prevent these incidents from happening again in the future. 

The company said that the chances of anyone abusing the information were minimal, but added that its users should still be on the lookout for any potential phishing attacks. If you think you have become a victim, then using the best identity theft protection can help. 

"While we believe the risk is limited, it is recommended that you be vigilant for any suspicious messages or activity, such as fraud or phishing attempts," the company said.

Discord is a hugely popular instant messaging platform, particularly among blockchain businesses and cryptocurrency projects. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.