Discord—a leading social media and instant messaging platform—has started to notify and support users affected by a data breach that occurred earlier this year, reports Bleeping Computer.
The breach, according to the report, was first tracked down on 29th March. It stemmed from a security incident involving a third-party service provider. Around 180 user accounts were reported to be affected by the breach. The incident was recently filed with the Office of Maine’s Attorney General, as demanded by law.
Soon after, Discord.io encountered a massive breach on 14th August. This is a third-party service that offers custom invite URLs tailored for Discord servers. The breach resulted in its content being leaked to hackers.
This incident impacted a whopping 760,000 users. In response, all Discord.io services have been closed down temporarily, followed by the launch of an investigation into the breach. The ongoing probe has uncovered that the hacker, who uses the alias “Akhira,” exploited a vulnerability within the website’s code to access the system. The hacker used the weakness to get control of the service’s entire database, including billing information, hashed passwords, and Discord IDs. The information was then auctioned on the dark web.
Discord.io is now improving its security measures and website code to prevent future breaches, according to the report.
On the other hand, the breach that affected Discord was a result of the compromise of an account belonging to a customer support agent. Upon identifying the incident, Discord promptly disabled the compromised account.
This breach allowed unauthorised access to the support agent’s ticket queue, leading to the compromise of support tickets, user email IDs, and user communications with Discord’s support team. This incident was thereupon disclosed on the 12th of May, through emails sent to potentially impacted users.
In response to the incident, Discord rolled out a comprehensive review of the affected support tickets involved, which concluded on 13th June. The investigation revealed that personal details, including the state identification card number, name, and driver’s license of one Maine resident, were exposed in the breach. The company has contacted affected users directly to keep them informed of the breach and the actions it has taken to address any risks.
With the cyber threat landscape evolving in complexity and sophistication, the potential for data breaches to induce catastrophic cascading effects has become a major concern. During the first quarter of 2023, data breaches caused the exposure of over six million data records. The repercussions of a data breach are severe—identity theft, financial loss, and hefty penalties to the breached company. Furthermore, data breaches can heavily cost a company—the global cost of a data breach amounts to roughly $4.35M, putting the per-record cost at around $164.
Businesses looking to proactively defend against cyber crimes are urged to invest in high-end SOC-as-a-Service providers such as DigitalXRAID. By continuously monitoring security incidents and analysing a business’s systems, networks, cloud environments, and data logs, high-quality managed SOC services ensure mitigating potential risks before they turn into serious incidents.
Sohela is an electrical engineer and a self-professed writer with a keen interest in all things tech. When she’s not writing killer content pieces, you’ll find her enjoying tempting foods in her favourite restaurants.
