Discord.io gets taken down after massive data breach

Ransomware
(Image credit: Pixabay)

Discord.io, a third-party service that helps people generate custom invites for their Discord channels, has been hacked, and information on some 760,000 members stolen. The service has since suspended its operations, and the attacker explained that this is actually a ransom attack - with a twist.

As seen on BleepingComputer, a user going by the name Akirah recently took to the new Breached forums (a successor to the old Breached forums that were shut down by law enforcement recently) to offer the Discord.io database for sale. 

They provided a few examples to illustrate the legitimacy of their claim. Apparently, the database contains different types of information, including user IDs, salted and hashed passwords, and last payment made, among others. 

Permanent pause

Commenting on the news, Discord.io played down the importance of Discord IDs being stolen, but shut down its service nonetheless. "This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address," Discord.io said about Discord IDs.

Still, it said it would be stopping all operations indefinitely: "Discord.io has suffered a data breach. We are stopping all operations for the foreseeable future," the service said on its Discord server. 

The publication also managed to reach Akirah, who said their motivations weren't purely financial. The hacker claims Discord.io links to illegal and harmful content, and by stealing the data and offering it for sale, they want to pressure the service into removing such content.

"It's not just about money, some of the servers they overlook are talking about pedophilia and similar things, they should blacklist them and not allow them," Akhirah told BleepingComputer.

So Akirah is now apparently waiting to be contacted by Discord.io, before agreeing to sell the database to anyone. Users should still protect themselves from ID theft by updating their passwords and changing any other sensitive information.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.