Discord.io temporarily closes after suffering a data breach that exposed 760,000 members' information
On the night of August 14 Discord.io, a third-party service that allows server owners to create custom invitations to their channels, suffered a major data breach, resulting in the contents of its database being leaked to unknown actors. The cause of the attack is still unknown, but the company has disclosed that the breach may have been caused by a vulnerability in its website code due to an update, which allowed the attacker to download the entire database and subsequently make it available for sale.
A cybercriminal, known as Akhirah, began offering the Discord.io database for sale on hacking forums as proof of the theft, where he shared four user records from the database.
Discord.io has informed members about the data compromised in the breach, this includes sensitive details such as usernames, DiscordIDs and email addresses. A small amount of member billing addresses and encrypted passwords have also been exposed. However, no payment details were breached, as Discord.io does not store this information and all transactions are processed through PayPal and Stripe.
Ante esta situación, Discord.io ha cancelado todas las suscripciones activas y se ha comunicado con sus miembros lo antes posible. Por otro lado, ha decidido cerrar su sitio web hasta nuevo aviso y tomar medidas para garantizar que esto no vuelva a suceder, incluyendo la reescritura completa del código de su sitio web, así como una revisión completa de sus prácticas de seguridad.
In light of this situation, Discord.io has cancelled all active subscriptions and communicated with its members as soon as possible. On the other hand, it has decided to shut down its website until further notice and to take steps to ensure that this does not happen again, including a complete rewrite of its website code, as well as a complete review of its security practices.
-
17/08/2023wired.com