Discord.io breached, 760,000 users' data for sale

User IDs, passwords and payment dates are all in the stolen database

Discord.io breached, 760,000 users' data for sale

Discord.io - a third-party service that helps users find and create custom channels and severs on the Discord messaging app - has been breached, and the attacker has taken to hacking forums to sell the data trove.

At the time of writing, Discord.io has paused operations, shutting down all its services.

null

The site explains that it suffered "a major data breach" on the night of 14th August, leaking content to "unknown actors."

Discord.io was alerted to the breach later the same day, and immediately hit the pause button while it decided what to do.

What was taken?

A whole host of information was included in the breach, which Discord.io divides into two camps.

Non-sensitive information

Sensitive information

Comments from Discord.io are included next to each item.

The website says it doesn't hold payment information, so that wasn't leaked; however, billing addresses, email addresses and Discord IDs - no matter how much the website is trying to downplay their importance - are concerning.

Discord.io says it has stopped operations "for the foreseeable future," with no indication for when it will be back.

Who is responsible?

While the service blames an unknown actor, a user going by "Akhirah" has claimed responsibility on Breached Forums - a successor to hacking site BreachForum, which the FBI took down this year.

Akhirah is offering the database for sale and posted samples to prove legitimacy. However, they say their motives go beyond the financial.

BleepingComputer, which claims to have spoken to Akhirah, says the hacker alleges that Discord.io links to illegal and harmful content. Their actions are supposedly to pressure the service into removing that content."

"It's not just about money, some of the servers they overlook I talking about pedophilia [sic] and similar things, they should blacklist them and not allow them," Akhirah told BleepingComputer.

So far Akhirah has apparently not sold the database. Nevertheless, all Discord.io users should be aware that their data, including email addresses, may have been compromised. Be more vigilant on the lookout for phishing and spam emails, and watch Discord.io for updates.