Third-party data breach at Discord.
N2K logoMay 17, 2023

It's not just about the Discord Papers. There are lessons about third-party risk in a recent data breach.

Third-party data breach at Discord.

Bleeping Computer reports that Discord, the well-known VoIP and instant messaging social platform, has experienced a data breach via the compromised account of a third-party support agent. Discord says that the ticket queue of the support agent contained “user email addresses, messages exchanged with Discord support, and any attachments sent as part of the tickets.” The company quickly disabled the agent’s account and did a malware sweep of the device. Security Affairs reports that Discord is also working with their third-party support provider to improve their cybersecurity and prevent an incident like this from taking place again. Discord told affected users that the company believed the risk from the breach is minimal, but that they advise vigilance against potential fraud or phishing attempts.

Discord's attractiveness to bad actors, and notes on risk mitigations.

Almog Apirion, CEO and Co-Founder of Cyolo, wrote about the the lessons the incident can teach about third-party breaches:

“Threat actors have been increasingly targeting vulnerable third-party systems to gain direct access to critical information in corporate infrastructures. In the case of Discord’s breach disclosed today, the company swiftly handled the compromised account, demonstrating its effective identity access control measures. However, cybercriminals are elusive, so monitoring and forensics remain crucial even when the attack seems to be very limited in scope and reach.  

"To enhance network security and mitigate further risks, Discord – and companies facing such third-party challenges - should implement key post-attack identity management procedures. This proactive approach includes assuming that other accounts are compromised and that attackers have potentially accessed other vital systems through the support ticketing system. Additionally, companies in similar situations must evaluate the exposure of customer data in routine systems like support ticketing tools, ensuring that compromised accounts do not result in unauthorized disclosure of sensitive information. As a potential next step, Discord should also notify the companies relying on their services to monitor their systems for potential threats arising from this incident.”