An unidentified individual has listed the data of 760,000 Discord.io users for sale on a darknet forum. This discovery was brought to light by the “Information Leaks” Telegram channel, associated with the Russian service for tracking vulnerabilities, data leaks, and monitoring fraudulent online resources.

For clarity, Discord.io is a third-party interface tailored for the widely-used Discord messenger. The offered database comprises details like email addresses, hashed passwords, and other user-specific data.

  • @skilledtothegillsOP
    link
    English
    3511 months ago

    I’m actually curious where did they got the passwords from? Discord.io looks to be using Discord itself for authenticating users, but I myself have never used the service so I have no idea.

    • @[email protected]
      link
      fedilink
      English
      2311 months ago

      Depending on how that authentication handshake is implemented secrets can be leaked. It could be a security flaw on Discord’s side that Discord.io has access to via SSO, or it could be that Discord.io stores username and password for some reason.

      • @[email protected]
        link
        fedilink
        English
        2
        edit-2
        11 months ago

        Yeah but there’s a big difference between tokens that can easily be revoked and what could be potentially plain-text passwords.

        edit: Okay, so it sounds like they had their own account system back in 2018 separate from Discord. That makes more sense.