Discord.io shuts down after hacker steals data on 760,000 members

But the hacker claims this isn’t ‘just about money’
A computer keyboard, ready to accept a password.
Dries Augustyns / Unsplash
Alan Martin, 16 August 2023

A popular third-party Discord service has closed “for the foreseeable future” after being targeted by a hacker offering data on its 760,000 members for sale.

Despite this, the hacker later claimed that the data sale isn’t “just about money”, alleging that the service links to illegal and harmful content including “paedophilia and similar things”.

Discord.io — a directory where users can search for Discord servers matching their interests — first became aware of the data breach when a user named Akirah appeared on the Breached hacking forum offering its data for sale.

With a few examples to prove the attack’s legitimacy, Akirah promised further credentials of 760,000 users up for grabs. Data is said to include usernames, email addresses, salted and hashed passwords, and billing addresses.

After confirming the legitimacy of the attack, Discord.io announced it would be “stopping all operations for the foreseeable future”, though it claims the most damaging data — the passwords and billing addresses — only impacts “a small number of users.”

In the case of the billing addresses, that’s because only those who purchased before the service adopted Stripe are affected. As for passwords, the service has been exclusively offering Discord as a login option since 2018 and it claims only those who used a separate login before then need worry.

“While your password was encrypted to industry standards, if it was not unique, we urge you to update it on any other site where it might be similar,” Discord.io says.

The inclusion of Discord IDs in the breach does “mean that other people might be able to link your Discord account to a given email address,” it conceded.

Despite listing the data for sale on a forum known for hacking and data leaks, Akirah told Bleeping Computer that his or her motivations aren’t purely monetary.

“It’s not just about money, some of the servers they overlook I [sic] talking about paedophilia and similar things, they should blacklist them and not allow them,” the hacker told the site.

Despite receiving plenty of interest from those who want to use the data dump for “doxing other people they have problems with”, Akirah told the site that their preference was to wait for Discord.io operators to promise a clampdown on this alleged illegal activity in return for the database not being sold.

This is, of course, just one person’s account, and even if it is accurate, the data is already out of the service’s hands, so it doesn’t hurt to be cautious.

If you used Discord.io and reused your password on other sites, change it on those sites immediately, and be wary of targeted phishing attempts citing your Discord membership.
