An unidentified individual has listed the data of 760,000 Discord.io users for sale on a darknet forum. This discovery was brought to light by the “Information Leaks” Telegram channel, associated with the Russian service for tracking vulnerabilities, data leaks, and monitoring fraudulent online resources.

For clarity, Discord.io is a third-party interface tailored for the widely-used Discord messenger. The offered database comprises details like email addresses, hashed passwords, and other user-specific data.

  • @ivenoidea
    link
    English
    124
    edit-2
    1 year ago

    Discord.imo, for anyone unsure like me, seems to be unaffiliated with Discord itself and simply a website to find Discord servers to join. It’s offline now.

    Edit: Ah I see the article mentions that as well, it didn‘t load for me earlier.

    Might still be good to have that info here. The amount of upvotes makes it seem like a lot of people might think this is about Discord itself.

    • @skilledtothegillsOP
      link
      English
      351 year ago

      I’m actually curious where did they got the passwords from? Discord.io looks to be using Discord itself for authenticating users, but I myself have never used the service so I have no idea.

      • @[email protected]
        link
        fedilink
        English
        231 year ago

        Depending on how that authentication handshake is implemented secrets can be leaked. It could be a security flaw on Discord’s side that Discord.io has access to via SSO, or it could be that Discord.io stores username and password for some reason.

        • @[email protected]
          link
          fedilink
          English
          2
          edit-2
          1 year ago

          Yeah but there’s a big difference between tokens that can easily be revoked and what could be potentially plain-text passwords.

          edit: Okay, so it sounds like they had their own account system back in 2018 separate from Discord. That makes more sense.

    • @realbaconator
      link
      English
      91 year ago

      At first glance that’s what it looks like, but it’s good that your comment is the top for clarity.

  • @[email protected]
    link
    fedilink
    English
    251 year ago

    The fact that the passwords are hashed is small comfort. It’s good for sure but potentially impacted users should still change their passwords and any accounts that share that password.

    Don’t share passwords but if you do and yours is compromised attackers can use it to try and access other services. If you reuse the credentials and Discord.io uses some bad practices (like not salting their hashes) then you’re at risk.

  • @[email protected]
    link
    fedilink
    English
    171 year ago

    I know what discord is - because I use it daily. But what is discord.io? The article doesn’t really say what the relationship between discord.io and discord is, but they are using the official Discord logo and official Discord name in the article photo. What is discord.io and what’s the use case for using it?

    • @realbaconator
      link
      English
      181 year ago

      They provide a functionary service for discord servers to have URL redirects pointed at themselves for invites. So less average users and more power users/ servers owners are taking the hit here.

  • @skilledtothegillsOP
    link
    English
    151 year ago

    The breach has now been confirmed by the Discord.io team and the article has been updated to reflect this.

  • Cyber Yuki
    link
    English
    121 year ago

    Oh shit my conversations in the tentacle hentai discord! 😱

    • @sbexpert
      link
      English
      91 year ago

      Oh shit, you got a link?

  • Campa
    link
    English
    31 year ago

    deleted by creator

    • @pret2xyz
      link
      English
      21 year ago

      deleted by creator