Leading Social Media Platform Notifying Affected Users of March Data Breach, Reports Geeky News
The data breach stemmed from a security incident involving a third-party service provider. Around 180 user accounts were reported to be affected in the breach
Surrey, United Kingdom Aug 29, 2023 (Issuewire.com) - Discord--a prominent social media and instant messaging platform--has taken proactive measures to notify and provide support to users impacted by a data breach that occurred earlier this year, reports Geeky News.
The breach, initially detected on 29th March, was traced back to a security incident involving a third-party service provider, with approximately 180 user accounts affected. In compliance with legal requirements, the incident was promptly reported to the Office of Maine's Attorney General.
The attack on Discord happened because a customer support agent's account was compromised. The account was deactivated once the incident was detected. However, it led to unauthorised access to the support agent's ticket queue, potentially exposing user email addresses, support ticket details, and communications with Discord's support team.
The breach was disclosed to potentially affected users on 12th May via email communication. Discord responded swiftly by conducting an exhaustive review of the compromised support tickets. This review, which concluded on 13th June, revealed that personal information, including a Maine resident's state identification card number, name, and driver's license, had been exposed in the breach.
Discord has taken a proactive approach to address the breach's impact, directly contacting affected users to inform them about the breach and the steps taken to mitigate risks.
In a separate event, on 14th August, Discord.io, a third-party service offering custom invite URLs for Discord servers, experienced a significant breach. That resulted in unauthorised access to its database, which was subsequently leaked to hackers. This breach had a profound impact, affecting a staggering 760,000 users. Following the cyberattack, Discord.io temporarily ceased all services and initiated an investigation into how it happened.
The ongoing investigation revealed that the hacker, operating under the alias "Akhira," exploited a vulnerability within Discord.io's website code to gain access to the system. This allowed the hacker to obtain control over the service's entire database, including sensitive information such as billing details, hashed passwords, and Discord IDs. Disturbingly, this information was later auctioned on the dark web.
Discord.io has taken immediate action to enhance its security protocols and website code, aiming to prevent future breaches and protect user data.
The modern cyber threat landscape continues to evolve, presenting complex challenges. During the first quarter of 2023, data breaches have exposed over six million data records, highlighting the potentially catastrophic consequences of such incidents. Data breaches can result in identity theft, financial losses, and substantial penalties for the affected companies. The global cost of a data breach is estimated at around $4.35 million, with a per-record cost of approximately $164.
In light of these challenges, businesses are strongly encouraged to invest in robust cybersecurity solutions. High-quality Security Operations Center (SOC)-as-a-Service providers like DigitalXRAID offer continuous monitoring, analysis of systems, networks, cloud environments, and data logs, enabling proactive risk mitigation and incident prevention.
To read the full article, please visit: https://www.geekynews.co.uk/discord-notifies-users-of-data-breach/
+44 20 3800 1212
Parallel House, 32 London Road Guildford, Surrey
Source :Geeky News
This article was originally published by IssueWire. Read the original article here.