Discord.io, a third-party service providing custom invites to Discord channels, has temporarily closed its doors following a data breach affecting 760,000 members.
This service, separate from the official Discord site, enabled server owners to create personalized invitations to their channels. A community of over 14,000 members was built around this service.
The Breach
Yesterday, a threat actor identified as ‘Akhirah’ put up the Discord.io database for sale on the newly established Breached hacking forums. To substantiate the theft, four user records from the database were shared.
According to the hacker, the database contains sensitive information on 760,000 Discord.io users, including usernames, email addresses, billing addresses (for a small number of users), salted and hashed passwords, and Discord IDs.
Response from Discord.io
Discord.io verified the breach’s authenticity and initiated a temporary halt of all its services. “Discord.io has suffered a data breach. We are stopping all operations for the foreseeable future,” the service announced on its Discord server.
The website provided a timeline that included their discovery of the breach, confirmation of the leaked data, and subsequent actions such as shutting down services and terminating paid memberships.
Hacker’s Motivation
The hacker informed BleepingComputer that the motivation behind the breach was not solely monetary. Akhirah expressed concern about the content linked to Discord.io, including allegations of illegal and harmful material.
Akhirah has expressed a willingness to negotiate with the Discord.io operators to remove the alleged offensive content in exchange for not selling or leaking the stolen database.
Recommendations: What Should Discord.io Members Do?
Given the seriousness of this breach, Discord.io members should take the following precautionary measures:
- Be Alert: Watch for suspicious emails with links requesting your password or personal information.
- Password Security: Although the passwords were salted and hashed, it may still be wise to change your password on any other platform where you used the same one.
- Monitor for Phishing Attempts: The leaked email addresses could be used for targeted phishing attacks, so be vigilant about incoming communications.
- Follow Official Updates: Stay informed by checking the main website for information regarding password resets or official communications from the service.
- Use Multi-Factor Authentication (MFA): If not already in place, consider implementing MFA to provide an additional layer of security.
Conclusion
This breach underscores the importance of cybersecurity and vigilance in protecting personal information online. By being alert and following the recommendations provided, individuals can take proactive steps to safeguard their data and minimize potential risks.