Discord Informs Users of Data Breach Involving Customer Support Provider

VoIP and instant messaging social platform Discord is notifying users that some of their information was compromised in a cybersecurity incident at a third-party services provider.

Late last week, the company informed users that a “third-party customer service agent’s support ticket queue” was accessed without authorization, resulting in user email addresses, contents of customer service messages, and attachments being compromised.

Although no specific details were provided, Discord’s notification suggests that a threat actor gained access to credentials for the third-party provider’s account.

“As soon as Discord was made aware of the issue, we deactivated the compromised account and completed malware checks on the affected machine,” the company said in the incident notification, copies of which have been shared online by the impacted individuals.

Discord also notes that it worked together with the affected third-party provider to “improve their practices” and help prevent similar attacks from happening.

It is unclear how many individuals that had submitted support tickets may have been impacted by the data breach. Discord says it has over 150 million monthly active users.

The company did not say which provider was compromised, but some users suggest it might have been Zendesk, which Discord is known to use for managing support tickets.

SecurityWeek has emailed Discord for clarifications on the incident and will update this article as soon as a reply arrives.

Related: NBA Notifying Individuals of Data Breach at Mailing Services Provider

Related: 500k Impacted by Data Breach at Debt Buyer NCB

Related: 14 Million Records Stolen in Data Breach at Latitude Financial Services