Introduction:
Discord.io, a popular third-party service that allows server owners to create custom invites to their Discord channels, has confirmed a data breach that exposed the information of 760,000 members. The breach was discovered when a hacker known as ‘Akhirah’ began offering the stolen database for sale on the Breached hacking forums as reported by BleepingComputer.
Details of the Breach:
The stolen database contains information for 760,000 Discord.io users, including usernames, email addresses, billing addresses (for a small number of people), salted and hashed passwords (for a small number of people), and Discord IDs. The most sensitive information in the breach is a member’s username, email address, billing address, and Discord ID. Discord.io has confirmed the authenticity of the breach and has temporarily shut down its services in response.
Motivation Behind the Breach:
The hacker, Akhirah, told BleepingComputer that the sale of the database was not only about making money but also about how Discord.io allegedly links to illegal and harmful content, such as pedophilia. Akhirah stated that they would prefer to wait for the Discord.io operators to contact them about removing the offensive material from the site in exchange for not selling or leaking the stolen database.
Recommendations for Discord.io Members:
Members of Discord.io should treat the situation as if their data will be abused. The passwords in the breach are hashed using bcrypt, making them hardware-intensive and slow to crack. However, email addresses can be valuable to other threat actors for targeted phishing attacks. Members should be on the lookout for unusual emails with links to pages asking for passwords or other information.
Conclusion:
The Discord.io data breach highlights the importance of securing user data and the potential risks associated with third-party services. Users should be vigilant in protecting their personal information and be cautious when using online services.
Source: BleepingComputer, Author: Lawrence Abrams