Discord.io confirms breach after hacker steals data of 760K users
Discord.io confirms breach after hacker steals data of 760K users
By Lawrence Abrams
August 14, 2023 05:40 PM 0
Data flowing from a faucet
Updated: Added further information from Akihirah about the sale of the database.
The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members.
Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service's Discord server, with over 14,000 members.
Yesterday, a person known as 'Akhirah' began offering the Discord.io database for sale on the new Breached hacking forums. As proof of the theft, the threat actor shared four user records from the database.
For those unfamiliar with the new Breached, it is the rebirth of a popular cybercrime forum known for the sale and leaking of data stolen in data breaches.
Forum post selling Discord.io database
Forum post selling Discord.io database
Source: BleepingComputer
According to the threat actor, the database contains the information for 760,000 Discord.io users and includes the following types of information:
"userid","icon","icon_stored","userdiscrim","auth","auth_id","admin","moderator","email","name","username","password","tokens","tokens_free","faucet_timer","faucet_streak","address","date","api","favorites","ads","active","banned","public","domain","media","splash_opt","splash","auth_key","last_payment","expiration"
The most sensitive information in the breach is a member's username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID.
"This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address," Discord.io explained about the leaking of Discord IDs.
As first reported by StackDiary, Discord.io has confirmed the authenticity of the breach in a notice to its Discord server and website and has begun temporarily shutting down its services in response.
"Discord.io has suffered a data breach. We are stopping all operations for the foreseeable future," reads a message on the service's Discord server.
"For more information, please refer to our #breah-notification channel. We'll be updating our website soon with a copy of this message."
The website for Discord.io contains a timeline explaining that they first learned of the data breach after seeing the post on the hacking forum.
Soon after, they confirmed the authenticity of the leaked data and began shutting down its services and canceling all paid memberships.
Discord.io says they have been contacted by the individual behind the breach and have not shared any information on how they were breached.
BleepingComputer spoke to the seller of the Discord.io database, Akhirah, and was told that they had not spoken to owners of the service yet.
"It's not just about money"
The Discord.io site acts as a directory where visitors can search for Discord servers matching specific content and obtain an invite to access it. In some cases, it is required to purchase and spend the site's virtual currency, Discord.io Coins, to gain access to an invite.
When creating these Discord server profiles, the Discord.io terms of use say that all content is the member's sole responsibility but that the operators have the right to remove any content that is illegal or breaks their rules.
From the limited archived pages of the site, BleepingComputer has seen Discord servers in the directory for a wide variety of interests, including anime, gaming, adult content, and more.
However, when BleepingComputer asked Akhirah about the sale of the database, they said it was not only about making money but about how Discord.io allegedly links to illegal and harmful content.
"It's not just about money, some of the servers they overlook I talking about pedophilia and similar things, they should blacklist them and not allow them," Akhirah told BleepingComputer.
The hacker told BleepingComputer that there has been a lot of interest in the database but mostly from people who want to use it for "doxing other people they have problems with."
Instead, Akhirah says they would prefer to wait for the Discord.io operators to contact them about removing allegedly offensive material from the site in exchange for not selling or leaking the stolen database.
What should Discord.io members do?
While the hacker says they have not sold the database, all members should treat the situation as if their data will be abused.
The passwords in this breach are hashed using bcrypt, making them hardware-intensive and slow to crack.
However, email addresses can be valuable to other threat actors as they could be used for targeted phishing attacks to steal more sensitive information.
Therefore, if you are a member of Discord.io, you should be on the lookout for unusual emails with links to pages asking you to enter your password or other information.
For any updates about the breach, you should check the main website, which should contain any information about potential password resets or emails from the service.
By Lawrence Abrams
August 14, 2023 05:40 PM 0
Data flowing from a faucet
Updated: Added further information from Akihirah about the sale of the database.
The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members.
Discord.io is not an official Discord site but a third-party service allowing server owners to create custom invites to their channels. Most of the community was built around the service's Discord server, with over 14,000 members.
Yesterday, a person known as 'Akhirah' began offering the Discord.io database for sale on the new Breached hacking forums. As proof of the theft, the threat actor shared four user records from the database.
For those unfamiliar with the new Breached, it is the rebirth of a popular cybercrime forum known for the sale and leaking of data stolen in data breaches.
Forum post selling Discord.io database
Forum post selling Discord.io database
Source: BleepingComputer
According to the threat actor, the database contains the information for 760,000 Discord.io users and includes the following types of information:
"userid","icon","icon_stored","userdiscrim","auth","auth_id","admin","moderator","email","name","username","password","tokens","tokens_free","faucet_timer","faucet_streak","address","date","api","favorites","ads","active","banned","public","domain","media","splash_opt","splash","auth_key","last_payment","expiration"
The most sensitive information in the breach is a member's username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID.
"This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address," Discord.io explained about the leaking of Discord IDs.
As first reported by StackDiary, Discord.io has confirmed the authenticity of the breach in a notice to its Discord server and website and has begun temporarily shutting down its services in response.
"Discord.io has suffered a data breach. We are stopping all operations for the foreseeable future," reads a message on the service's Discord server.
"For more information, please refer to our #breah-notification channel. We'll be updating our website soon with a copy of this message."
The website for Discord.io contains a timeline explaining that they first learned of the data breach after seeing the post on the hacking forum.
Soon after, they confirmed the authenticity of the leaked data and began shutting down its services and canceling all paid memberships.
Discord.io says they have been contacted by the individual behind the breach and have not shared any information on how they were breached.
BleepingComputer spoke to the seller of the Discord.io database, Akhirah, and was told that they had not spoken to owners of the service yet.
"It's not just about money"
The Discord.io site acts as a directory where visitors can search for Discord servers matching specific content and obtain an invite to access it. In some cases, it is required to purchase and spend the site's virtual currency, Discord.io Coins, to gain access to an invite.
When creating these Discord server profiles, the Discord.io terms of use say that all content is the member's sole responsibility but that the operators have the right to remove any content that is illegal or breaks their rules.
From the limited archived pages of the site, BleepingComputer has seen Discord servers in the directory for a wide variety of interests, including anime, gaming, adult content, and more.
However, when BleepingComputer asked Akhirah about the sale of the database, they said it was not only about making money but about how Discord.io allegedly links to illegal and harmful content.
"It's not just about money, some of the servers they overlook I talking about pedophilia and similar things, they should blacklist them and not allow them," Akhirah told BleepingComputer.
The hacker told BleepingComputer that there has been a lot of interest in the database but mostly from people who want to use it for "doxing other people they have problems with."
Instead, Akhirah says they would prefer to wait for the Discord.io operators to contact them about removing allegedly offensive material from the site in exchange for not selling or leaking the stolen database.
What should Discord.io members do?
While the hacker says they have not sold the database, all members should treat the situation as if their data will be abused.
The passwords in this breach are hashed using bcrypt, making them hardware-intensive and slow to crack.
However, email addresses can be valuable to other threat actors as they could be used for targeted phishing attacks to steal more sensitive information.
Therefore, if you are a member of Discord.io, you should be on the lookout for unusual emails with links to pages asking you to enter your password or other information.
For any updates about the breach, you should check the main website, which should contain any information about potential password resets or emails from the service.
