Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised.
The security breach exposed the agent’s support ticket queue, which contained user email addresses, messages exchanged with Discord support, and any attachments sent as part of the tickets.
Discord says it immediately addressed the breached support account by disabling it once the incident was discovered.
“Due to the nature of the incident, it is possible that your email address, the contents of customer service messages and any attachments sent between you and Discord may have been exposed to a third party,” Discord said in letters sent to affected users.
“As soon as Discord was made aware of the issue, we deactivated the compromised account and completed malware checks on the affected machine.”
Discord breach notification letter (splinestein)
They also worked with the customer service partner to implement effective measures to prevent similar incidents in the future.
If you have been affected by the data breach on Discord, keep an eye out for any suspicious activity, like fraud attempts or phishing attacks. Although Discord considers the risk minimal, it’s better to stay cautious.
“While we believe the risk is limited, it is recommended that you be vigilant for any suspicious messages or activity, such as fraud or phishing attempts,” the company said.
A Discord spokesperson didn’t reply to a request for comment when BleepingComputer reached out earlier today.
Discord is a widely used instant messaging and social media platform with 150 million monthly active users.
Additionally, the company claims on its website that the platform has 19 million active servers weekly.