Key Findings
- Discord Notifies Users of March Data Breach Impacting 180 Accounts.
- Contrast Between Discord’s March Breach and Discord.io’s Recent Attack.
- Discord.io Breach Affects 760,000 Users; Company Suspends Services.
- Discord.io Exploits Vulnerability, Auctions Stolen Data Including Hashed Passwords.
- Discord Responds: Comprehensive Overhaul to Strengthen Security Measures.
Discord, the popular communications server with approximately 150 million monthly users, has recently started notifying a subset of its user base about a data breach that occurred in March.
The breach, which was publicly acknowledged by Discord in May 2023, impacted a total of 180 accounts, according to a data breach notification filed with the Office of the Maine Attorney General.
The incident stands in contrast to the recent breach of the third-party service Discord.io, which affected a staggering 760,000 users and led to the temporary shutdown of the website.
Discord.io, a platform enabling Discord users to generate customized links for their channels, suffered a major breach on August 14. The attacker exploited a vulnerability within the website’s code, subsequently auctioning off stolen data, including hashed passwords, billing information, and Discord IDs.
As a response to the breach, Discord.io announced the suspension of its services. The company is now committed to a comprehensive overhaul of its website’s code and security practices to bolster its defence mechanisms against future breaches.
While the Discord.io incident primarily impacts users’ personal information, the breach in March involved the compromise of a customer support agent’s account. This breach allowed malicious actors to access user email addresses, support tickets, and communications exchanged with Discord’s support team.
Discord’s disclosure to the state of Maine’s attorney general office included a thorough investigation into the compromised support tickets. The findings revealed that the personal information of at least one Maine resident, encompassing their name and driver’s license or state identification card number, had been exposed. This information was subsequently used to inform and notify the affected individuals.
Discord is taking proactive measures to bolster its security infrastructure. Alongside enhancing the security of its platform to protect its user base, Discord is also providing credit monitoring and identity theft protection services to the impacted users to mitigate potential further damage.