Top streaming service Discord has suffered a minor cybersecurity incident in which potentially sensitive and personal user data was exposed.
In a letter sent to users seen by BleepingComputer, the company revealed unnamed threat actors managed to compromise an account belonging to a third-party support agent, gaining access to the agent’s support ticket queue, which included some personally identifiable information such as user email addresses.
Furthermore, any messages the users may have exchanged with the support agent, as well as any attachments they may have sent, could also have been accessed.
Emails exposed
In a notification issued after the incident, Discord said it moved swiftly to disable to account and minimize the damage:
“Due to the nature of the incident, it is possible that your email address, the contents of customer service messages and any attachments sent between you and Discord may have been exposed to a third party,” the company said.
“As soon as Discord was made aware of the issue, we deactivated the compromised account and completed malware checks on the affected machine.”
While there was no word on the name of the third-party partner whose employee was targeted, Discord said it helped that entity implement new features that should prevent these incidents from happening again in the future.
The company said that the chaces of anyone abusing the information were minimal, but added that its users should still be on the lookout for any potential identity theft (opens in new tab) or phishing attacks.
“While we believe the risk is limited, it is recommended that you be vigilant for any suspicious messages or activity, such as fraud or phishing attempts,” the company said.
Discord is a hugely popular instant messaging platform, particularly among blockchain businesses and cryptocurrency projects.
Via: BleepingComputer (opens in new tab)
