Discord starts notifying users affected by March data breach
Popular chatting platform Discord has started notifying users affected by a March data breach, about three months after the company announced the attack in May.
According to a data breach notification filed with the US-based Office of the Maine Attorney General, only 180 of Discord’s 150 million monthly users had sensitive information exposed in the attack.
That means a Discord user is much more likely to be affected by the Discord.io breach that impacted 7,60,000 users earlier this month, and ultimately led to the site shutting down, reports Engadget.
Discord.io lets Discord users make custom links for their channels.
On August 14, a major data breach caused by a vulnerability in the website’s code allowed a third-party attacker to steal information and sell it on a breached data forum, including hashed passwords, billing information and Discord IDs.
“We have decided to take down our site until further notice,” Discord.io wrote in a post.
As part of its efforts to mitigate the breach and prevent future problems, the company plans “a complete rewrite of our website’s code, as well as a complete overhaul of our security practices”.
This is not the same as the Discord breach that the company may have informed you about this week, according to the report.
A separate incident, affecting Discord and not the separate Discord.io entity, occurred earlier this year when an unauthorised user gained access to Discord data via a third-party service provider.
The hacker stole personal information such as driver’s licence numbers from 180 users’ service tickets.
To prevent further damage, Discord is contacting affected users via email and offering credit monitoring and identity theft protection services.
Meanwhile, Discord has laid off about 37 employees, representing 4 per cent of its total workforce.
According to a report in The Information, the layoffs mainly affected marketing, talent and public policy teams.