What happened in the Discord.io data breach?

A data breach occurred on August 14, 2023, affecting Discord.io, a third-party service that provides custom invites to Discord servers. Personal data of over 760,000 users was exposed in the breach.

Discord.io is a service that allows users to create custom invites for Discord servers. It is not affiliated with the official Discord platform. The service has been suspended due to the breach.

What information was exposed in the breach?

The breached database includes Discord usernames, IDs, emails, and salted/hashed passwords. While passwords are difficult to crack, the other information could be used for phishing and social engineering.

What actions were taken after the breach?

Discord.io promptly confirmed the breach and suspended all operations indefinitely. They provided breach details on their website. The hacker behind the breach, Akhirah, wants malicious content removed from the site and seeks communication with the platform's management.

What is the hacker's motivation?

The hacker, Akhirah, stated that their motivation goes beyond money. They want harmful content removed from the site and discussed issues like pedophilia on certain servers. Discord.io has confirmed contact with the attacker but has not disclosed any attack details.

Incident

Discord.io custom invite service confirms data breach as hacker sells data of 760K users

published: Aug. 14, 2023

Take action: If you were using Discord.io service, time to reset your password. Now.

Learn More

A data breach has hit Discord.io, a third party service providing custom invites to Discord servers. The breach occurred on August 14, 2023, and exposed the personal data of over 760,000 users.

Discord.io, not related to the official Discord, has suspended services due to the breach. The Discord.io site acts as a directory where visitors can search for Discord servers matching specific content and obtain an invite to access it.

The hacker, 'Akhirah,' is selling the breached Discord.io database on the Breached hacking forums. The package they are selling includes:

Discord usernames,
IDs,
emails,
salted/hashed passwords

The full package as shared on the Breached forums contains the following columns:

"userid","icon","icon_stored","userdiscrim","auth","auth_id","admin","moderator","email","name","username","password","tokens","tokens_free","faucet_timer","faucet_streak","address","date","api","favorites","ads","active","banned","public","domain","media","splash_opt","splash","auth_key","last_payment","expiration"

Although passwords are hard to crack, the rest of the data could be exploited for phishing and names for social engineering

Discord.io promptly confirmed the breach, suspending all operations indefinitely and providing breach details on their website. The hacker, Akhirah, wants malicious content removed from the site and seeks communication with the platform's management.

"It's not just about money, some of the servers they overlook I talking about pedophilia and similar things, they should blacklist them and not allow them," Akhirah told BleepingComputer.

Discord.io confirms they have been contacted by the attacker but have not disclosed any details of the attack.

Discord.io custom invite service confirms data breach as hacker sells data of 760K users