Discord.io, a third-party service that offered custom invite URLs for Discord servers, has shut down operations for the “foreseeable future” following a major data breach that saw the personal information of nearly 760,000 members compromised.
The team behind Discord.io said they are still investigating the incident. The team believes that the cause of the breach was a vulnerability in the website’s code, which allowed the threat actors to gain access to Discord.io’s database.
“We have decided to take down our site until further notice. We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again. This will include a complete rewrite of our website's code, as well as a complete overhaul of our security practices,” the team wrote.
The stolen information was put up for sale on the new Breached hacking forum. The data included usernames, email addresses, billing addresses (a small number of people), salted and hashed passwords (a small number of people), and Discord IDs.
Discord.io has confirmed that leaked data included sensitive account information such as usernames, email addresses and billing addresses, as well as non-sensitive data like internal user IDs, info about the user’s status and coin balance, the API keys, registration dates and the last payment dates.
The company said no financial data was leaked in the incident as it doesn’t store payment information.
