Discord.io is not his official Discord site, but a third-party service that allows server owners to create custom invitations to their channels. Most of the community is built around his Discord server on the service, which has over 1
,000 members.
Yesterday, a person named "Akhirah" started selling his Discord.io database on his new Breached hacking forum. As proof of the theft, the attacker shared his records with four users from the database.
For those unfamiliar with the new Breached, it is the rebirth of a popular cybercrime forum known for the sale and leaking of data stolen in data breaches. According to the threat actor, the database contains the information for 760,000 Discord.io users and includes the following types of information:
The most sensitive information in the breach is a member's username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID. This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address," Discord.io explained about the leaking of Discord IDs."userid","icon","icon_stored","userdiscrim","auth","auth_id","admin","moderator","email","name","username","password","tokens","tokens_free","faucet_timer","faucet_streak","address","date","api","favorites","ads","active","banned","public","domain","media","splash_opt","splash","auth_key","last_payment","expiration"
As first reported by StackDiary, Discord.io has confirmed the authenticity of the breach in a notice to its Discord server and website and has begun temporarily shutting down its services in response.
"Discord.io has suffered a data breach. A message on the service's Discord server reads, "For the time being, we are suspending all operations."
"For more information, please visit channel #breah-notification. We will update our website with a copy of this message shortly."
The Discord.io website has a timeline that explains that they first learned of the data breach after seeing a post on a hacking forum. Shortly after, they confirmed the leaked data was genuine and began terminating the service and canceling all paying subscribers. Discord.io says it was contacted by the person behind the breach, but did not share any information about how the breach happened. BleepingComputer spoke to Discord.io database seller Akhirah and learned that they had not yet spoken to the owner of the service.
The Discord.io site acts as a directory where visitors can search for her Discord servers matching specific content and receive invitations to access it. In some cases, you may need to purchase and use her Discord.io coins, the site's virtual currency, to access the invite.
When creating these Discord server profiles for her, Discord.io's terms of service state that all content is the sole responsibility of the member, but the operator will remove content that is illegal or violates the rules. You have the right to
BleepingComputer confirmed on several archived pages of the site that she has a Discord server within directories related to various interests, including anime, games, and adult his content.
However, when BleepingComputer asked Akhirah about the sale of the database, they said it was not only about making money but about how Discord.io allegedly links to illegal and harmful content.
"It's not just about money, some of the servers they overlook I talking about pedophilia and similar things, they should blacklist them and not allow them," Akhirah told BleepingComputer.
The hacker told BleepingComputer that there has been a lot of interest in the database but mostly from people who want to use it for "doxing other people they have problems with."
Instead, Akhirah says they would prefer to wait for the Discord.io operators to contact them about removing allegedly offensive material from the site in exchange for not selling or leaking the stolen database.
What should Discord.io members do?
While the hacker says they have not sold the database, all members should treat the situation as if their data will be abused. The passwords in this compromise are hashed using bcrypt, which is hardware intensive and slow to crack.
However, email addresses can be valuable to other attackers as they can be used in targeted phishing attacks to steal more sensitive information.
So if you're a Discord.io member, be on the lookout for unusual emails with links to pages asking you to enter your password or other information.
Please check the Discord website for the latest information on the breach. There should be information about possible password resets and emails from the service.