CRAC Learning

Data breach targets Discord's third-party service - Discord.io


The Discord.io custom invite service has temporarily shut down after suffering a data breach exposing the information of 760,000 members. Note that Discord.io is not an official Discord site. Discord is a widely recognized communication platform, predominantly favored by gamers and diverse online communities. On the other hand, Discord.io operates as a third-party service, independent of Discord's governance.


Discord.io simplifies the process for users, allowing them to join specific servers without scouring through Discord's official site. Discord.io fell victim to a data breach in which user data was stolen. According to BleepingComputer, a person known as 'Akhirah' began offering the Discord.io database for sale on the new Breached hacking forums.


Security impact

According to the threat actor, the database contains the information for 760,000 Discord.io users and includes the following types of information: userid, icon, icon_stored, userdiscrim, auth, auth_id, admin, moderator, email, name, username, password, tokens, tokens_free, faucet_timer, faucet_streak, address, date, api, favorites, ads, active, banned, public, domain, media, splash_opt, splash, auth_key, last_payment, expiration.


The most sensitive information in the breach is a member's username, email address, billing address (small number of people), salted and hashed password (small number of people), and Discord ID.


Discord.io began by shutting down its services soon after confirming the authenticity of the leaked data, and canceled all paid memberships.


Almost a year ago, Discord was targeted via malware attacks - https://www.linkedin.com/posts/crac-learning_malware-targets-discord-data-activity-6959519877304844290-up6m?


Recommendation

The passwords in this breach are hashed using bcrypt, which makes them hardware-intensive and slow to crack. However, it is recommended to rotate your password and not to use the same password for multiple sites.
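For service operators, an added illustration (not from the original article or from Discord.io's code) of why bcrypt is slow to crack and how to audit stored hashes: a bcrypt string carries its own salt and a cost value, and each +1 in cost doubles the work per password guess. The sample rows are constructed and the minimum cost of 12 is an assumed policy threshold.

```python
import re

# Modular crypt format for bcrypt:
#   $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")

def parse_bcrypt(stored):
    """Return the fields of a bcrypt string, or None if it is malformed."""
    m = BCRYPT_RE.match(stored)
    if not m:
        return None
    cost = int(m.group(2))
    if not 4 <= cost <= 31:          # range bcrypt accepts
        return None
    return {"variant": m.group(1), "cost": cost, "salt": m.group(3),
            "digest": m.group(4), "rounds": 2 ** cost}

def audit(rows, min_cost=12):
    """Flag accounts whose stored hash should be replaced at next login."""
    findings = []
    for userid, stored in rows:
        info = parse_bcrypt(stored)
        if info is None:
            findings.append((userid, "not bcrypt"))
        elif info["cost"] < min_cost:
            findings.append(
                (userid, "cost %d below %d" % (info["cost"], min_cost)))
    return findings

def relative_work(cost_a, cost_b):
    """How many times more key-setup rounds per guess cost_a needs than cost_b."""
    return 2 ** (cost_a - cost_b)

# Constructed sample rows (userid, password column); not real hashes.
SALT, DIGEST = "A" * 22, "B" * 31
ROWS = [
    (1001, "$2b$12$" + SALT + DIGEST),   # acceptable cost
    (1002, "$2a$08$" + SALT + DIGEST),   # weak cost, rehash on next login
    (1003, "0" * 32),                    # shape of an unsalted hex digest
]

if __name__ == "__main__":
    for userid, reason in audit(ROWS):
        print(userid, reason)
    print("cost 12 vs cost 8:", relative_work(12, 8), "x work per guess")
```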

Email addresses can be targeted by attackers through phishing. You should be on the lookout for phishing emails with untrusted links asking you to enter your password or other information.

All users whose data could potentially be part of the breach should change their passwords and enable two-factor authentication on their accounts as a precautionary measure. They have also advised users to monitor their bank accounts and credit card statements for any suspicious activity.


Conclusion

The Discord.io website functions as a directory, enabling users to explore Discord servers that align with particular content and acquire an invitation to join. On certain occasions, acquiring an invitation might necessitate the acquisition and expenditure of the platform's virtual currency, known as Discord.io Coins. However, Akhirah expresses a preference for patiently anticipating communication from the operators of Discord.io. They hope for a dialogue regarding the removal of content perceived as offensive from the site. In return, they commit to refraining from selling or disclosing the pilfered database.
