A breach of a third-party Discord app has led to the data of 760,000 users of the messaging service being leaked. The information includes usernames, email addresses, some billing addresses, hashed passwords and Discord IDs.
The affected app, Discord.io, has halted all operations for the foreseeable future after the stolen information was posted on a hacking forum.
Data of 760,000 Discord.io users leaked through third-party application
Discord.io is a third-party application created for Discord that allows users to write and send custom invites for their channels. Its own Discord server has amassed over 14,000 members.
Yesterday, a user of the forum Breached posted four user records from the leaked data as proof of the theft, and it has since been verified as genuine by Discord.io.
In a post to its site, administrators of the application explained that “Discord.io has suffered a data breach,” and that it is “stopping all operations for the foreseeable future.” Billing addresses, email addresses, usernames, IDs and hashed passwords are listed as part of the leak of “potentially sensitive information.”
“This information is not private and can be obtained by anyone sharing a server with you,” a statement from the app’s developers says. “Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address.”
Discord.io said it is “stopping all operations for the foreseeable future,” and added: “We have cancelled existing premium subscriptions and we’ll be reaching out as soon as possible on an individual basis.
“As of this message, we have not yet been contacted by the people responsible for this breach nor have we reached out to them. As far as we currently know, the database itself has not yet been shared publicly.”
The perpetrator has come forward
The Breached user that leaked the information, known as Akhirah, told Bleeping Computer that he believes some of the some of the Discord servers link to illegal content.
“It’s not just about money, some of the servers they overlook,” they said.
Discord.io acts as a directory for users to search for specific content and then obtain an invite to access it. Sometimes a transaction of the site’s digital currency, Discord.io coins, is necessary to obtain access.
Akhirah explained that while they had received interest in users wishing to obtain the tranche of data to use it for “doxing other people they have problems with,” they were hoping to reach an agreement with Discord.io’s developers to remove illegal content in exchange for the safe return of the data.
Read more: LockBit lists seven new ransomware victims
