• Sat. Oct 14th, 2023

Discord.io Breach: 760K Users Exposed

Avatar photo

ByEsme Greene

Sep 6, 2023
Discord.io Breach: 760K Users Exposed
Esme Greene
Latest posts by Esme Greene (see all)

Due to a data compromise, the Discord.io custom invitation platform has temporarily paused running, exposing the personal information of 760,000 users.

Unofficial platform Discord.io enables server owners to design unique invitations. Its Discord server, which has more than 14,000 users, is heavily used by the community.

On the brand-new Breached hacking forums, the hacker going by the alias “Akhirah” listed the Discord.io database for sale and provided four user records as evidence.

This illegal behavior is currently hosted by the Breached forum, which is notorious for data leaks.

According to the threat actor, the stolen database contains various forms of information for 760,000 Discord.io members.

Sensitive information exposed by the incident includes usernames, email addresses, billing addresses (a small number), salted and hashed passwords (a small number), and Discord IDs.

Exposed Discord Data: Potential Risks and Precautions

Even though Discord.io made it clear that this data is public, the fact that it was compromised makes it possible for Discord accounts to be connected to certain email addresses.

StackDiary has verified that Discord.io has recognized the legitimacy of the hack and temporarily suspended services, including locking down its server and site.

Following its observation of the post on the hacker forum, the website confirmed the breach’s detection and promptly took action to resolve the issue.

The consequences of the breach included the termination of paid memberships and the suspension of services.

Discord.io said that they haven’t spoken to the offending party and are still investigating the breach’s circumstances.

Akhirah, who sold the compromised database, highlighted that their objective goes beyond financial gain. They voiced worry about the hazardous and unlawful information on Discord.io.

Akhirah stated that they would want to negotiate with the Discord.io administrators to get this information removed in return for keeping the database private.

All members should, out of prudence, expect that their information could be abused, especially email addresses that might be used in phishing scams.

Email addresses are ideal targets for phishing efforts even when passwords are salted using bcrypt, which makes cracking them difficult and resource-intensive.

Members should be wary of strange emails with links that request passwords or other sensitive information.

Users should visit their main Discord.io website for any updates to see if there are any official emails from the platform or potential changes to their passwords.

Avatar photo

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.