What Is Discord.io, And How To Tell If Your Data Was Leaked
Discord has become one of the most popular social media services for those in the gaming and entertainment spheres, thanks to its helpful voice channel system, among other services. The only really unwieldy part of using Discord on a large scale is sharing around the information necessary to invite new members to your server.
This is where third-party services like Discord.io have come in, allowing users to create quick and easy URLs that prospective members can click to immediately join. Unfortunately, that convenience has led to a rather severe data breach.
According to a BleepingComputer report (via TechRadar), Discord.io suffered a major hack, exposing the information of approximately 760,000 users. The reports of the hack were corroborated by not just Discord.io itself, but the very hacker responsible, who posted a sample of the stolen data in the Breached forums — an illegal black-hat hacking community.
In response to this breach, Discord.io has halted all operations indefinitely, as well as paused payments from any premium users.
What is Discord.io, and why was it attacked?
Discord.io is a third-party service, with no official affiliation with Discord proper. The service's lone purpose is the creation of custom URLs for individual Discord servers. These URLs allow the members of a Discord server to quickly and easily create a means for new members to find the server and join in, as well as make the process feel more like a personal invitation.
According to the hacker "Akirah," who spoke to BleepingComputer, Discord.io's links were allegedly being used to connect to illegal and harmful content. "It's not just about money, some of the servers they overlook are talking about pedophilia and similar things, they should blacklist them and not allow them," they said.
Akirah has allegedly received offers on the Breached forums to purchase the database for malicious purposes, though they are apparently waiting to see if Discord.io would blacklist the aforementioned illegal content before making a sale.
What was stolen and were you affected?
According to Discord.io, the stolen information includes various and potentially sensitive information from several Discord accounts. The benign information includes Discord user IDs, which are readily available and visible anyway, as well as API keys, registration dates, online status, and payment dates.
The more sensitive information includes email addresses, billing addresses, and passwords. Discord.io does not store payment information, so at the very least, affected users should not experience any instances of outright theft as a result of the breach.
Discord.io has not provided a full list of potentially affected users, and the hacker responsible is holding onto the database themselves until they either cut a deal with Discord.io, or someone buys it. Since Discord.io users log into the service using separate user IDs, it theoretically should not be necessary to change any information in Discord proper.
However, the service has advised any users who signed up prior to their login system changeover in 2018 to change any usernames or passwords that they use on both Discord.io and other sites.