Discord.io, a platform that enabled users to generate personalized links for their Discord channels, is shutting down in the aftermath of a significant data breach. As reported by TechRadar, a hacker managed to abscond with the information of 760,000 users. This pilfered data sample has been made available on Breached Forums, potentially for the purpose of selling it. The discord.io site now displays a message saying: “We are stopping all operations for the foreseeable future”.
The third-party service has broken down exactly what is and isn’t contained in the stolen data in a list.
What is contained in the Discord.io breach?
Non-sensitive information about your account:
- Your internal user ID.
- Information about your avatar.
- Your status (moderator/admin/has ads/banned/public/etc).
- Your coin balance, and current streak in our free minigame.
- Your API key (this does not give access to your account, and was only available to less than a dozen users).
- Your registration date.
- Your last payment date and the expiration date of your premium membership.
Potentially sensitive information about your account:
- Your username. Either the one you provided at signup, or, for most of you, your current Discord username.
- Your Discord ID. This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address.
- Your email address. Either the one you provided at signup, or, for most of you, your current Discord e-mail address.
- Your billing address. This should only concern a small number of people and corresponds to the billing address you gave us in order to make a purchase on our site before we began using Stripe.
- Your salted and hashed password. This should only concern a small number of people from before we exclusively offered Discord as a login option (starting in 2018). While your password was encrypted to industry standards, if it was not unique, we urge you to update any other site that might have used this password.
What is not contained in the Discord.io breach?
- Anything not explicitly listed above.
- Your payment details (those are stored safely by our partners Stripe and PayPal).
The platform has announced the termination of active premium subscriptions. They also mention that they haven’t received any communication from the hacker, and to the best of their knowledge, “the database itself has not been made public” at this point.
