Discord.io, a widely used communication platform, recently experienced a data breach that leaked content from its database to unknown actors. The platform’s operators swiftly investigated the breach and were forced to shut down all services and operations.
Initial findings from the ongoing investigation point towards a vulnerability in the website’s code as the entry point for the breach. This vulnerability gave attackers unauthorised access to Discord.io’s database, ultimately leading to the download of the entire dataset.
Reports indicate that the stolen database from Discord.io has been sold to a third-party website, raising alarms about threat actors’ potential misuse of sensitive data.
The breach leaked users’ non-sensitive information, including their internal user IDs, avatar details, account status, coin balances, current streaks in the platform’s free minigame, API keys, registration dates, and premium membership details. Additionally, certain potentially sensitive data was exposed, such as usernames, Discord IDs, email addresses, billing addresses, and salted and hashed passwords (for a limited number of pre-2018 users).
Nonetheless, the platform assured users that no payment information was compromised. The company has pledged to implement appropriate measures to prevent similar incidents from occurring again, including a comprehensive rewrite of the website’s code and a complete overhaul of its security practices.
No action is required on the Discord platform for users whose authentication tokens were not compromised. However, users who registered on the site before 2018 using the previous username/password method are strongly advised to update their passwords on other websites where similar passwords are used.
Furthermore, the platform’s suspension of operations also covers users’ premium memberships. Active subscriptions have been cancelled, ensuring users will not incur additional charges. The platform offers full refunds for users who purchased a premium membership within the last 30 days.
The Discord.io data breach underscores the significance of maintaining robust cybersecurity practices for online platforms. Users must exercise caution when sharing personal information online, while service providers are reminded to ensure the safety and security of user data.