Beginning on Monday, Discord has been reaching out to customers affected by a data breach disclosed earlier this 12 months to allow them to know what Private Figuring out Data (PII) was uncovered within the incident.
The breach stemmed from a security breach at a third-party service supplier detected on March 29, involving the compromise of an account belonging to a buyer help agent.
This incident was subsequently disclosed on Might 12 by way of emails despatched to probably affected people.
The attackers gained entry to the agent’s help ticket queue, person electronic mail addresses, messages they exchanged with Discord help, and help ticket attachments.
In response, Discord says it swiftly reacted to the compromise of the help account by promptly deactivating it after studying of the incident.
In keeping with the letters despatched to affected people, solely 180 customers had their delicate private data uncovered within the assault.
“Discord instantly took steps to handle the incident. An intensive investigation was performed,” the corporate says in data breach notices filed with the Workplace of Maine’s Legal professional Common.
“On June 13, 2023, Discord accomplished the evaluate of the help tickets concerned and decided that a number of of these help tickets contained the non-public data of 1 Maine resident together with the person’s title and driver’s license or state identification card quantity,” the Discord Privateness Group says in letters mailed to impacted customers.
Discord, a extremely widespread social media and instantaneous messaging platform, claims 150 million energetic month-to-month customers and roughly 19 million energetic servers weekly.
A third-party and unofficial Discord invite service generally known as Discord.io shut down final week after an enormous data breach that uncovered data belonging to round 760,000 members.
The Discord.io database was put up on the market on the brand new Breached hacking boards, with the risk actor sharing 4 person data as proof that the stolen data was genuine.
Delicate information compromised within the breach contains Discord.io members’ usernames, electronic mail addresses, billing addresses (of a restricted variety of people), salted and hashed passwords (affecting a restricted variety of people), and their respective Discord IDs.
“This data isn’t non-public and could be obtained by anybody sharing a server with you. Its inclusion within the breach does, nevertheless, imply that different individuals would possibly be capable of hyperlink your Discord account to a given electronic mail deal with,” Discord.io defined on the time.
