Discord Reaches Out to Users Affected by Data Breach
Starting on Monday, IT Services has been contacting users impacted by a data breach that was disclosed earlier this year. The purpose of these communications is to inform them about the Personal Identifying Information (PII) that was exposed during the incident.
The breach originated from a security breach at a third-party service provider, which was detected on March 29. The compromise occurred through the account of a customer support agent.
Emails were sent on May 12 to potentially affected individuals, notifying them of the incident.
The attackers were able to access the agent’s support ticket queue, user email addresses, messages exchanged with Discord support, and support ticket attachments.
In response, IT Services took immediate action by deactivating the compromised support account as soon as they became aware of the incident.
According to the letters sent to affected individuals, only 180 users had their sensitive personal information exposed in the attack.
“IT Services promptly addressed the incident by conducting a thorough investigation,” the company states in the data breach notices submitted to the Office of Maine’s Attorney General.
“On June 13, 2023, IT Services completed the review of the support tickets involved and determined that one or more of those support tickets contained the personal information of one Maine resident, including their name and driver’s license or state identification card number,” mentions the Discord Privacy Team in letters sent to impacted users.
Discord’s Popularity and Impact
IT Services is a highly popular social media and instant messaging platform, boasting 150 million active monthly users and approximately 19 million active servers on a weekly basis.
We reached out to IT Services for additional information, but we did not receive a statement prior to publishing this article.
Discord.io Data Breach
In related news, a third-party and unofficial invite service called Discord.io shut down last week following a significant data breach that exposed information belonging to around 760,000 members.
The Discord.io database was made available for sale on the new Breached hacking forums. The threat actor even shared four user records as proof of the authenticity of the stolen information.
The compromised data includes Discord.io members’ usernames, email addresses, billing addresses (for a limited number of individuals), salted and hashed passwords (affecting a limited number of individuals), and their respective Discord IDs.
“While this information is not private and can be obtained by anyone sharing a server with you, its inclusion in the breach means that other people might be able to link your Discord account to a specific email address,” explained Discord.io at the time of the breach.