Popular online video and voice chat platform Discord has informed users of a data breach due to a third-party support agent’s account being compromised, BleepingComputer reports.
The breach had a limited impact, with the attackers gaining access to the agent’s support ticket queue.
That communication included email addresses, messages, and attachments shared between users and the particular customer service agent.
Discord said it immediately deactivated the compromised account once it became aware of the issue and conducted malware checks on the affected machine.
“We have also worked with our customer service partner to improve their practices and help prevent these types of incidents from happening in the future,” Discord stated.
The company did not reveal how the agent’s account was compromised.
Discord said although it believed the risk was limited, it recommended that users be vigilant for any suspicious messages or activity, including fraud or phishing attempts.
A group of security researchers previously discovered several security vulnerabilities in the Electron underlying framework used by Discord and Microsoft Teams.
In that instance, it was found that Discord users could have their systems compromised by simply clicking on a malicious video link sent on the platform.
Fortunately, the researchers reported the issues to Electron, and they were fixed before the findings were made public at the Black Hat cybersecurity conference in August 2022.
Loading ...
Join the conversation Autoload comments
Comments section policy: MyBroadband has a new article comments policy which aims to encourage constructive discussions. To get your comments published, make sure it is civil and adds value to the discussion.