Discord.io goes offline after hackers steal data of 760,000 users
A popular service that allowed people to create custom links for their Discord channels has suffered a massive data breach and says it will shut down operations “for the foreseeable future.”
Discord.io on Tuesday announced that hackers had penetrated its database on the night of August 14, taking large swaths of user data. The company, in its update, did not disclose how many users were impacted, but TechRadar reports some 760,000 members had their information compromised.
The hackers appear to have exploited a vulnerability in Discord.io’s web code. The site says it has gone offline “until further notice” as it investigates possible causes, and rewrites its website’s code and overhauls security practices.
Given the popularity of both the tool and Discord, along with the site’s decision to abruptly shut down, there’s a lot of confusion about this hack. Here’s what you need to know.
What data did the Discord.io hackers take?
Along with nonsensitive information, like user registration dates and last payment date, the hackers were able to gain a number of potentially sensitive details about users, including:
Payment information was not stored on the site, so doxing (publicly and maliciously providing personally identifiable information about a user), rather than financial fraud or identity theft, is the chief threat.
Is Discord.io the same as Discord?
No. Discord.io is a third-party service that lets people create custom invitations to join their Discord channels. Those personalized invitations often help build a community faster, as users didn’t have to manually search for it on the official Discord site.
Despite the similarity in the names, it had no official affiliation with Discord, the communication tool that lets people exchange instant messages, share their screens, make live calls, and interact with communities of people with similar interests.
Is Discord.io closed forever?
That remains to be seen. The company’s statement said it was “stopping all operations for the foreseeable future.” It has also canceled all active subscriptions and said current members will not be charged again.
While that sounds dire, there is a chance Discord.io could return. The founders say they plan to rewrite the website’s code and undergo “a complete overhaul of our security practices,” but of course that’s no guarantee.
I’ve got a Discord.io membership. What happens to my money?
If you purchased a premium membership to the site in the last 30 days, Discord.io says it will refund you in full. (It’s asking affected members to contact its support division to speed up those refunds.) Longer-term users will not be charged moving forward.
Do I need to change my Discord password or user ID?
That depends on how much you value anonymity. While the hackers did gain access to people’s Discord ID, that’s easily obtainable from anyone you share a server with. With this breach, though, the hackers are potentially able to link your user ID to an email address.
Discord.io did not have users’ Discord passwords, so there’s no immediate need for most users to change that data. However, a small number of users who signed up prior to 2018 could have issues. At the time, Discord.io did not use Discord as a login option, so people chose their own password. If you’re part of that small collective and that wasn’t a unique password, it’s a good idea to change it.
Has the data that was stolen been released publicly?
Discord says the hacker has put the stolen data up for sale on a third-party site. BleepingComputer says it has been in contact with the hacker, who told them there is substantial interest in the database, but implied they had not yet sold or leaked it, and were also hoping to pressure Discord.io operators to remove links to certain Discord channels.
(12)