Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Third-party hack leads to Discord data breach

Gaming social media giant Discord has revealed that a hack of one of its third-party providers has led to a significant data breach.

user icon David Hollingworth
Mon, 15 May 2023
Third-party hack leads to Discord data breach
expand image

Discord sent out notices to an unknown number of its customers on 12 May, alerting them that a third-party support provider had suffered an “incident” that led to the provider’s ticket queue being exposed.

Customer emails, support requests, and even attachments are believed to have been part of the breach.

“Due to the nature of the incident, it is possible that your email address, the contents of customer service messages and any attachments sent between you and Discord may have been exposed to a third party,” Discord said.

The company said that as soon as it was made aware of the incident, the affected support account was suspended, and the machine it was operating on was checked for malware. Discord also said that it was working with its customer support partner to “improve their practices and help prevent these types of incidents from happening in the future”.

“While we believe the risk is limited, it is recommended that you be vigilant for any suspicious messages or activity, such as fraud or phishing attempts,” Discord said.

The breach notice was shared by a Discord user on Reddit, where a number of other users also disclosed that they had received the notification. Discord has not named the third party or how many of its users were affected, but one Reddit commenter believes it was support provider Zendesk that was affected.

Zendesk has not made any notice of a breach on its own site. However, Zendesk has been working with Discord “since the beginning”, according to Zendesk’s own customer listing.

"Third-party partners add an additional layer of complexity because often companies have to grant access to data that should be protected by third-party partners who have different levels of security around data access and protection, security policies, and exposure. When providing access to a third-party, their attack surface becomes your attack surface," Jamie Boote, Associate Principal Consultant aT Synopsys Software Integrity Group, told us via email.

"As always, never underestimate the people problem and ensure that admins, managers, and operators are all given security awareness training to ensure that they don't engage in risky behaviour like leaving laptops with this data in cars, opening ransomware or malware, or other unsafe behaviours."

Discord was largely used by gamers for messaging and voice chat, but when the pandemic forced people to isolate away from their own social networks, the platform grew rapidly as non-gamers flooded to the site to find connection with friends and family.

In 2017 there were 10 million people using Discord worldwide, but that number has grown to around 300 million now.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.