An unidentified individual has listed the data of 760,000 Discord.io users for sale on a darknet forum. This discovery was brought to light by the “Information Leaks” Telegram channel, associated with the Russian service for tracking vulnerabilities, data leaks, and monitoring fraudulent online resources.
For clarity, Discord.io is a third-party interface tailored for the widely-used Discord messenger. The offered database comprises details like email addresses, hashed passwords, and other user-specific data.
The fact that the passwords are hashed is small comfort. It’s good for sure but potentially impacted users should still change their passwords and any accounts that share that password.
Don’t share passwords but if you do and yours is compromised attackers can use it to try and access other services. If you reuse the credentials and Discord.io uses some bad practices (like not salting their hashes) then you’re at risk.
I know what discord is - because I use it daily. But what is discord.io? The article doesn’t really say what the relationship between discord.io and discord is, but they are using the official Discord logo and official Discord name in the article photo. What is discord.io and what’s the use case for using it?
They provide a functionary service for discord servers to have URL redirects pointed at themselves for invites. So less average users and more power users/ servers owners are taking the hit here.
The breach has now been confirmed by the Discord.io team and the article has been updated to reflect this.
Oh shit my conversations in the tentacle hentai discord! 😱
deleted by creator
deleted by creator
