Discord has initiated the process of informing users affected by a data breach that occurred earlier this year, aiming to disclose the exposed Personal Identifying Information (PII). The breach was rooted in a security compromise at a third-party service provider on March 29, impacting a customer support agent’s account.
Attackers gained access to user email addresses, messages exchanged with Discord support, and support ticket attachments. Discord responded swiftly by deactivating the compromised support account upon discovering the breach.
According to disclosed letters, only 180 users had their sensitive personal information compromised in the attack. Discord conducted a thorough investigation and shared the incident details in breach notices filed with the Office of Maine’s Attorney General. On June 13, 2023, Discord completed its review of the support tickets involved and determined the exposure of personal information belonging to a Maine resident, including their name and driver’s license details.
Discord, a widely used social media and instant messaging platform boasting 150 million active monthly users and about 19 million active servers weekly, was also affected by the shutdown of a third-party Discord invite service named Discord.io due to a massive data breach. This breach led to the exposure of information of around 760,000 members.
The compromised Discord.io database was offered for sale on Breached hacking forums, with a threat actor providing proof of authenticity. Compromised data encompassed usernames, email addresses, limited billing addresses, hashed passwords, and Discord IDs, though it was highlighted that this information could already be accessed by those sharing a server.
