A major breach at Discord.io has led to the exposure of sensitive data belonging to around 760,000 users, forcing the temporary shutdown of its custom invite service.
Discord.io, a third-party platform allowing server owners to create custom invitations, was compromised by a cybercriminal known as ‘Akhirah’, who offered the pilfered database on a hacking forum.
The exposed information includes usernames, email addresses, IDs, and some salted and hashed passwords. Discord.io has asserted that this data can be accessed by anyone sharing a server with the affected users.
In response to the breach, Discord.io quickly suspended its services, cancelled paid memberships, and verified the legitimacy of the data leak.
However, specifics about the breach’s origin remain undisclosed.
The breach has raised concerns about user privacy and security, prompting Discord.io to prioritize user protection by temporarily halting its operations. The breach occurred on a server with over 14,000 members, and its exposed data was offered for sale on a well-known cybercrime forum called Breached.
The attacker, Akhirah, claims that their motive transcends monetary gain and relates to Discord.io’s alleged association with illegal content, including paedophilia.
Akhirah has expressed willingness to cooperate with the platform to remove objectionable content in exchange for not further distributing the stolen data.
The incident underscores the significance of stringent security measures for online platforms. Discord.io is now focusing on enhancing security protocols and safeguarding user data for the future. The breach reminds users to remain cautious and vigilant, monitoring their accounts for any unusual activity.
In conclusion, Discord.io’s response to this breach will be pivotal in rebuilding user trust and securing its community. Strengthened security measures, swift action, and transparent communication will be essential to restoring user confidence and maintaining a secure environment moving forward.