The Discord messaging platform, used by more than 200 million people each month, confirmed last Friday that it was affected by a security incident in its customer support service, managed by a third party. The third-party provider suffered an extortion attack, similar to ransomware, in which attackers accessed sensitive data and demanded a ransom to retain the stolen information.  ESET, a leading company in proactive threat detection, is analyzing the incident, which affected users who had interacted with customer service and trusted and safety representatives.

Among the leaked and compromised data were identity documents, partial credit card details, and payment history.

According to the incident notification that Discord sent to affected users and made public on its website, the attackers did not access the most sensitive information, such as physical addresses, full credit or debit card details, or authentication data. “Nor did they access messages other than those exchanged with the customer support center,” they detailed.

While it is asserted that the cybercriminal group did not have direct access to the platform’s servers, ESET maintains that the case demonstrates how a service with high security standards can be weakened at one of the links in its supply chain.

Third-party services and their weaknesses, explains Jake Moore, ESET Global Security Advisor, “are more difficult to monitor and control, and they often store sensitive information, so they are becoming common targets for cybercriminals.”

A security incident reportedly occurred on September 20, which is still under investigation. Since October 3, the platform began notifying each affected party about the breach and has issued a statement alerting the community at large.

Data affected and/or compromised

According to the information published by Discord, the compromised data includes:

• Usernames, email addresses, and contact information.
• Payment information, such as the last four digits of card details and purchase history.
• IP addresses.
• Messages and attachments sent to customer service, or inquiries to members of the platform’s trust and safety department.
• Corporate information, such as training materials and internal presentations.

According to the same alert, the data accessed by cybercriminals includes “a small number” of identity documents, such as driver’s licenses or passports, which are often requested to verify a Discord member’s age. While the volume of these leaked documents is not detailed, the platform assures that the incident notification email specifies this information for each affected user. This means that if you receive an email notifying you of the data breach, it will clarify which data was compromised.

“The recommendation for any user of the platform who has been affected, or who uses Discord, is to pay special attention to any communication that appears to originate from Discord, as the possibility of data being used in targeted phishing campaigns is higher. Cybercriminals may not only leverage the leaked information, but also the news of the leak to use that excuse or bait to launch a specific campaign targeting users of the platform—even if they were not the targets of this latest leak,” warns Camilo Gutiérrez Amaya, Head of the ESET Latin America Research Lab.

Regardless of whether you were notified or not, ESET assures that this is a good opportunity to review some recommendations that may be essential in the event of incidents like this:

• Check if you have two-step verification enabled on your account. This provides an additional layer of protection against login credentials leaks.
• Review payment transactions if you use Discord Nitro or other paid services.

Importance of strengthening the supply chain (be careful with suppliers)

At the time of this publication, and according to an article on the specialized website BleepingComputer, the Scattered Lapsus$ Hunters (SLH) ransomware group had initially claimed responsibility for the attack, although they later told that outlet that the attack was carried out by another group with ties to SLH.

“These types of incidents at third-party suppliers are a reminder of the importance of strengthening the supply chain. A robust cybersecurity policy must include and address all the links that make up the supplier network. It is also key for users to understand the importance of staying informed and alert to incidents that could compromise the security and privacy of their data, and to remember the basic measures they can take to address them, or at least be better prepared for these types of situations, which are becoming more frequent,” concludes Gutiérrez Amaya of ESET.

ESET invites you to learn more about cybersecurity by visiting: https://www.welivesecurity.com/es/.

For other useful preventive information, it is also available in Venezuela: https://www.eset.com/ve/, and its social media channels @eset_ve. Also available on Instagram (@esetla) and Facebook (ESET).

With information and reference images provided by ESET and Comstat Rowland

Visit our news channel on Google News and follow us to get accurate, interesting information and stay up to date with everything. You can also see our daily content on X/Twitter and Instagram

La entrada Discord suffered data breach due to vendor attack: ESET analyzes it and comments apareció primero en Bitfinance.