Discord.io has suffered a major data breach affecting 760,000 members and their personal information, the website announced.
Discord.io is a third-party service for Discord that helps users generate custom invites for their channels.
It is used by many small organizations, including IPTV services, to communicate with customers and potential subscribers.
The breach occurred on the night of August 14th, 2023, and exposed sensitive information including email addresses, billing addresses, and more.
The company noted that they believe the incident occurred due to a vulnerability in the website’s code, allowing attackers to gain access to their database.
In a statement on their website, Discord.io listed the personal information exposed which included the following:
Non-sensitive information about your account:
- Your internal user ID
- Information about your avatar
- Your status (moderator/admin/has ads/banned/public/etc)
- Your coin balance, and current streak in our free minigame.
- Your API key (this does not give access to your account, and was only available to less than a dozen users).
- Your registration date.
- Your last payment date and the expiration date of your premium membership.
Potentially sensitive information about your account:
- Your username
  - Either the one you provided at signup, or, for most of you, your current Discord username.
- Your Discord ID
  - This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address.
- Your email address
  - Either the one you provided at signup, or, for most of you, your current Discord e-mail address.
- Your billing address
  - This should only concern a small number of people and corresponds to the billing address you gave us in order to make a purchase on our site before we began using Stripe.
- Your salted and hashed password
  - This should only concern a small number of people from before we exclusively offered Discord as a login option (starting in 2018). While your password was encrypted to industry standards, if it was not unique, we urge you to update it on any other site where it might be similar.
Someone named Akhirah claimed to have the data and listed it for sale on the new Breached hacking forum.
The listing included a few examples to prove the information was legit and that the threat is real.
Tech website bleepingcomputer.com reached out to Akhirah and received a comment from them regarding Discord.io and its practices:
It’s not just about money, some of the servers they overlook I'm talking about pedophilia and similar things, they should blacklist them and not allow them…
It is important to note that Discord.io does not store any payment information and that all payments are processed through PayPal and Stripe, which were not breached.
In light of the events, Discord.io has decided to shut down operations indefinitely, noting an investigation into the breach:
We have decided to take down our site until further notice.
We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again.
This will include a complete rewrite of our website’s code, as well as a complete overhaul of our security practices.
You can read the entire press release from Discord.io on their official website.
It will be interesting to see if Discord.io negotiates with Akhirah and how the events will play out in the future.