The Discord Data Breach: What Everyone Should Know

February 11, 2023 • Shannon Flynn

In March 2022, news broke about the Discord data breach that also hit some of the world’s biggest tech companies, including Apple and Meta. Despite the size and resources of these companies, they all fell victim to an elaborate forgery scheme. 

What does the Discord data breach mean for users and cybersecurity overall? Here’s a look at what happened in the data breach, how it succeeded, and what users should know. 

The Discord Data Breach: Fraudulent Government Emails

The Discord data breach was part of a larger cyber crime scheme that involved compromised government emails. A group of hackers known as Lapsus$ was eventually linked to the attacks, and certain members were even arrested shortly after news of the breaches broke. The hackers used compromised email accounts belonging to government officials to send emergency data requests to Discord employees. 

Tech companies all generally respond to emergency data requests when there is actually an emergency or urgent legal situation. For instance, a judge might subpoena data in the event that it could contain evidence crucial to a case at hand. Similarly, data might be requested in an emergency situation where someone has gone missing and their online activity could help law enforcement determine their whereabouts. 

The hackers responsible for the Discord data breach took advantage of this system. They posed as law enforcement using the government email accounts they had compromised. So, personnel at Discord had no reason to suspect that the emergency data requests they received were fraudulent because they were coming from legitimate government email addresses. The Lapsus$ hackers stole large amounts of data using this strategy throughout 2021. 

What Data Was Stolen in the Discord Data Breach? 

The Discord data breach wasn’t revealed until after personnel from Apple and Meta admitted in an initial report to Bloomberg that both companies fell victim to the forged emergency data requests. Discord officials later announced that they had also complied with the forged data requests. The Discord data breach was in some ways not as severe as Apple and Meta’s breaches, although it is no less serious. 

Apple and Meta both admitted to turning over customer email addresses, phone numbers, and IP addresses. Discord only reportedly turned over browsing history data tied to certain phone numbers. So, while this data leak is unfortunate, it could have been much worse. However, Discord did not reveal the extent of the leaked browsing history data. 

What the Discord Data Breach Means for Cybersecurity

The Discord data breach may seem like any other breach on the surface, but it actually poses some difficult questions for cybersecurity. While Discord, Apple, and Meta may now be aware that some emergency data requests are forged, there is no clear solution to the problem. The issue lies in the nature of emergency data requests. 

An emergency data request is exactly what it sounds like – an emergency. Companies like Discord, Apple, or Meta are generally expected to respond to these requests in a matter of hours, if that long. They’re only meant to be used in truly urgent situations. So, when a real emergency data request is received, a quick response could genuinely save someone’s life. 

This makes it difficult to counteract the threat of forged emergency data requests. Tech companies could implement stricter verification processes to confirm the legitimacy of these requests. However, this would take so long that it could potentially defeat the purpose of an emergency response. So, Discord and other tech companies are now stuck in a situation where there is no apparent right answer. 

On one hand, more thorough identity verification processes for emergency data requests would help protect user data from theft. On the other hand, a lengthy confirmation process could potentially endanger people in legitimate emergency situations. 

Faced with these two choices, most companies will err on the side of caution and continue to assume that all emergency data requests are legitimate. That said, in the original Bloomberg report, Apple did note that they block emergency data requests from email addresses known to be hacked. 

How Users Can Protect Their Data

The Discord data breach leaves everyone in a difficult position. There is no obvious way to completely eliminate the threat of forged emergency data requests. Users may find this nerve-wracking, but there are some steps they can take to protect their data on their end. 

Passwords

For example, users who are concerned that their data may have been compromised in the Discord data breach or the corresponding Apple or Meta breaches can update their login info. Regularly changing passwords on key sites, like Facebook or Discord, can help keep login info safe from hackers. After all, an old password won’t do much good even if a hacker does manage to get their hands on it. 

Using Discord’s two-factor authentication login method is a great way to protect accounts from hackers. In the event that login credentials are compromised, hackers still won’t be able to get into a user’s Discord account because they can’t confirm the two-factor authentication. 

Cookies

Additionally, users should pay close attention to the cookies they allow on sites they visit. Discord uses cookies to track browsing history, like many other websites and services do. Users should block these tracking cookies or stop using sites that require them. In fact, in the EU there are even laws about cookies and data collection designed to protect users from this kind of risk. 

Malicious Links

Users also need to be careful about the links they click on within Discord. In one reported phishing scheme, hackers send malicious links to users while posing as other users. The link takes users to a fake Discord channel where they are asked to log in, compromising their login info. 

As mentioned above, using two-factor authentication on Discord is a great way to prevent accounts from being fully compromised. Users can also stay safe by downloading their backup codes for their Discord account. If their account is compromised, they can restore and secure their account using the backup code. 

Learning From the Discord Data Breach

The Discord data breach poses some big questions for the cybersecurity community with no clear answers. Tech companies will have to come up with innovative solutions to protect user data without compromising real emergency data requests. Until then, users can stay safe by taking steps to protect their own data on Discord and other sites.
