View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 15, 2023

Discord.io data breach sees information on 760,000 users leaked

The supposed perpetrator of the theft is calling for the app to remove what they say is illegal content in exchange for the data's safe return.

By Claudia Glover

A breach of a third-party Discord app has led to the data of 760,000 users of the messaging service being leaked. The information includes usernames, email addresses, some billing addresses, hashed passwords and Discord IDs.

Data of 760,000 Discord.io users leaked through third-party application. (Photo by mouby studio/Shutterstock)

The affected app, Discord.io, has halted all operations for the foreseeable future after the stolen information was posted on a hacking forum.

Data of 760,000 Discord.io users leaked through third-party application

Discord.io is a third-party application created for Discord that allows users to write and send custom invites for their channels. Its own Discord server has amassed over 14,000 members. 

Yesterday, a user of the forum Breached posted four user records from the leaked data as proof of the theft, and it has since been verified as genuine by Discord.io.

In a post to its site, administrators of the application explained that “Discord.io has suffered a data breach,” and that it is “stopping all operations for the foreseeable future.” Billing addresses, email addresses, usernames, IDs and hashed passwords are listed as part of the leak of “potentially sensitive information.”

“This information is not private and can be obtained by anyone sharing a server with you,” a statement from the app’s developers says. “Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address.”

Discord.io said it is “stopping all operations for the foreseeable future,” and added: “We have cancelled existing premium subscriptions and we’ll be reaching out as soon as possible on an individual basis.

Content from our partners
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Infosecurity Europe 2024: Rethink the power of infosecurity

“As of this message, we have not yet been contacted by the people responsible for this breach nor have we reached out to them. As far as we currently know, the database itself has not yet been shared publicly.”

The perpetrator has come forward

The Breached user that leaked the information, known as Akhirah, told Bleeping Computer that he believes some of the some of the Discord servers link to illegal content. 

“It’s not just about money, some of the servers they overlook,” they said. 

Discord.io acts as a directory for users to search for specific content and then obtain an invite to access it. Sometimes a transaction of the site’s digital currency, Discord.io coins, is necessary to obtain access. 

Akhirah explained that while they had received interest in users wishing to obtain the tranche of data to use it for “doxing other people they have problems with,” they were hoping to reach an agreement with Discord.io’s developers to remove illegal content in exchange for the safe return of the data.

Read more: LockBit lists seven new ransomware victims

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU