Discord.io pulls the cord after crooks steal 760K users' info

Cleanup will involve 'complete rewrite of our website's code'


Discord.io has shut down "for the foreseeable future," after crooks stole, and then put up for sale, data belonging to all 760,000 of the service's users.

The attack happened on Monday night, "resulting in content from our database being leaked to unknown actors," according to a notice on the Discord.io website.

After swiping all of the data, including both "non-sensitive" and "potentially-sensitive" account details, a miscreant who goes by the handle Akhirah dumped the info on a cybercrime forum.

"We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again," the Discord.io notice said. "This will include a complete rewrite of our website's code, as well as a complete overhaul of our security practices."

To be clear: the intrusion happened to Discord.io, a third-party service for creating custom invites for individual Discord servers. It's separate from Discord, the IRC-on-steroids instant-chat empire that remains secure.

Discord.io said it confirmed the dumped data was taken from its systems, and because of this "decided to take down our site until further notice." While an investigation is still ongoing, the site administrators say they believe the intruders gained access to the website via buggy code, which allowed them to break into the database.

Stolen data includes users' names (usually your current Discord username), email addresses, Discord IDs, and billing addresses of anyone who made a purchase on the site before Discord.io began using Stripe.

Miscreants also leaked users' salted and hashed passwords, which the service says only affects "a small number of people from before we exclusively offered Discord as a login option." That began in 2018.

"While your password was encrypted to industry standards, if it was not unique, we urge you to update it on any other site where it might be similar," the site admins cautioned.

The crooks did not access payment information, which Discord.io says it does not store on its servers any more since moving to Stripe and PayPal.

In addition to the above-mentioned user info, the criminals leaked further "non-sensitive" account details, including internal user ID, avatar info, status (ie, moderator, admin, banned, public, etc), coin balance, API key, registration date, last payment date, and the expiration date for users' premium membership.

As well as shutting down the site, Discord.io has also cancelled all active subscriptions, and promised to refund all premium memberships purchased in the last 30 days. ®
