Data Leak at Discord.io
IT Services regrets to inform that the Discord.io custom invite service has temporarily shut down following a data breach that exposed the information of 760,000 members.
Discord.io, a third-party service enabling server owners to create custom invites to their channels, is not an official Discord site. The service’s Discord server, with over 14,000 members, formed the foundation of its community.
Yesterday, an individual known as ‘Akhirah’ started offering the Discord.io database for sale on the new Breached hacking forums. As evidence of the theft, the threat actor shared four user records from the database.
For those unfamiliar with the new Breached, it marks the revival of a popular cybercrime forum notorious for trading and leaking data stolen in various breaches.
Source: BleepingComputer
The threat actor claims that the database contains the details of 760,000 Discord.io users, including the following information:
"userid","icon","icon_stored","userdiscrim","auth","auth_id","admin","moderator","email","name","username","password","tokens","tokens_free","faucet_timer","faucet_streak","address","date","api","favorites","ads","active","banned","public","domain","media","splash_opt","splash","auth_key","last_payment","expiration"
The most sensitive information compromised in the breach includes a member’s username, email address, billing address (limited number), salted and hashed password (limited number), and Discord ID.
“This information is not private and can be accessed by anyone sharing a server with you. However, its inclusion in the breach implies that others may be able to link your Discord account to a specific email address,” explained Discord.io regarding the leaking of Discord IDs.
As first reported by StackDiary, Discord.io has confirmed the authenticity of the breach in a notice posted on its Discord server and website. As a response, the service has temporarily ceased all operations.
Discord.io has experienced a data breach. We are suspending all operations for the foreseeable future,” states a message on the service’s Discord server.
“For more information, please refer to our #breah-notification channel. We will update our website soon with a copy of this message.”
The Discord.io website provides a timeline explaining that they became aware of the data breach after coming across the post on the hacking forum. Subsequently, they verified the legitimacy of the leaked data and initiated the shutdown of their services, including the cancellation of all paid memberships.
Discord.io has been contacted by the individual responsible for the breach, but no details have been disclosed regarding the method used to infiltrate their systems.
Actions for Discord.io Members
The passwords compromised in this breach are hashed using bcrypt, making them difficult to crack due to their hardware-intensive and slow nature.
However, email addresses can be valuable to other threat actors as they may be exploited for targeted phishing attacks aimed at obtaining more sensitive information.
Therefore, if you are a member of Discord.io, it is crucial to remain vigilant and be cautious of any unusual emails containing links to pages that prompt you to enter your password or other personal information.
For any updates regarding the breach, please refer to the official website. The website should provide information on potential password resets or any communication from the service.
