Discord Issues Data Breach Notice after Support Agent Gets Hacked

Instant messaging service Discord is informing people who engaged with the platform’s help desk of a data breach after an unauthorized party compromised a support agent’s account.

The notice, shared with BleepingComputer by an affected user, states that Discord experienced “a brief incident that resulted in unauthorized access to a third party consumer service agent’s support ticked queue,” which contained (and possibly exposed) email addresses, logs of messages between users and support agents, and any attachments sent between the participants.

The notice doesn’t say exactly how this support agent got hacked, but it’s likely a case of social engineering – i.e. phishing.

Discord deactivated the compromised account as soon as it learned of the issue, but it’s not entirely clear how much time the unauthorized party had before access to the account was severed.

Discord’s IT people also ran malware checks on the affected machine, but the notice doesn’t actually say whether the checkup found anything on it.

“We have also worked with our customer support service partner to improve their practices and help prevent these types of incidents from happening in the future,” the memo adds.

The risk to end users is limited, Discord says, but it still recommends that users stay vigilant for any suspicious communications or activity, including phishing attempts.

Bitdefender Digital Identity Protection scans the web for unauthorized leaks of your personal data, monitoring whether your accounts are exposed and making it easy to take action before disaster strikes.