Discord.io data breach: 760K users affected

2023-08-15 By admin

Following a data breach that exposed the personal data of 760,000 users, the custom invite platform Discord.io has paused its operations. Discord.io, a third-party entity distinct from the official Discord brand, enables server administrators to craft tailored invitations for their channels. The platform’s community of 14,000 members operated predominantly through a dedicated Discord server.

Discord.io data breach is confirmed

An individual identified as ‘Akhirah’ advertised the Discord.io database for sale on the new Breached hacking forums. As proof that the data is authentic, four user records from the stolen database were shared. For those unfamiliar with Breached, it is the successor to a well-known cybercrime forum, notorious for distributing and selling data stolen in similar breaches.

According to ‘Akhirah’, the compromised dataset covers 760,000 Discord.io users and contains the following fields:

"userid","icon","icon_stored","userdiscrim","auth","auth_id","admin","moderator","email","name","username","password","tokens","tokens_free","faucet_timer","faucet_streak","address","date","api","favorites","ads","active","banned","public","domain","media","splash_opt","splash","auth_key","last_payment","expiration"

The most concerning data exposed in the Discord.io breach are usernames, email addresses, billing addresses for some users, and salted and hashed passwords for some users, alongside their unique Discord IDs.

“This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address,” Discord.io stated.

StackDiary was the first to report that the platform had confirmed the breach. In response, Discord.io announced in a message on its Discord server that it was halting all operations.

The statement read, “Discord.io has suffered a data breach. We are stopping all operations for the foreseeable future.” Pointing users to further details, they added, “For more information, please refer to our #breach-notification channel. We’ll be updating our website soon with a copy of this message.”

A timeline on Discord.io’s website describes how the breach was discovered, tracing that discovery to a post on a hacking forum. Shortly afterwards, the service confirmed that the leaked information was legitimate, suspended its services and cancelled all premium subscriptions.

While the entity behind the breach reached out to Discord.io, details concerning the nature of the cyber-attack remain undisclosed.

BleepingComputer, in a conversation with Akhirah – the proclaimed vendor of the compromised Discord.io database – learned that there had been no prior contact between them and the service’s operators.

Elaborating on Discord.io’s primary functions, the platform serves as a catalog, enabling users to scout for specific Discord servers and procure relevant access invites. Occasionally, users might have to leverage the website’s virtual currency, Discord.io Coins, for such invitations.

According to Discord.io’s terms, while all content is solely the responsibility of the user, the platform reserves rights to eliminate any content that breaches their regulations or legal bounds.

BleepingComputer’s analysis of archived pages found an array of Discord servers ranging from gaming and anime to adult themes. But Akhirah’s motive for selling the database was more than monetary gain. They expressed concerns over Discord.io’s alleged affiliations with unlawful and detrimental content, stating, “It’s not just about money, some of the servers they overlook I’m talking about pedophilia and similar things, they should blacklist them and not allow them.”

Akhirah told BleepingComputer that there is heightened demand for the database, predominantly from individuals with malicious intent, such as “doxing other people they have problems with.” Yet Akhirah appears to be waiting for Discord.io to act, proposing that it remove the objectionable content from its platform in exchange for the stolen data not being sold or released publicly.

What is Discord.io?

Discord.io is an independent service offering redirect URLs to servers, and it is not associated with Discord. The official URL for Discord is discordapp.com.

What to do against such data breaches?

In the aftermath of the Discord.io data breach, even though the hacker claims the database remains unsold, it’s imperative for members to act as though their personal details are at risk.

Although the breached passwords are hashed with bcrypt, an algorithm known for its robustness and for being time-consuming to crack, the exposed email addresses present a significant risk. They are likely targets for malicious parties running phishing campaigns to extract further confidential information.

Members of Discord.io should stay vigilant against unexpected emails, especially those prompting for password inputs or other sensitive details.

For the latest developments related to the breach, members are advised to monitor Discord.io’s official website, where updates about potential password changes or official communications from the platform should be posted.
