Data from 760,000 users of Discord invitation service Discord.io has been leaked

Hackers have put data of 760,000 users of Discord invitation service Discord.io online. The service leaked hashed passwords of a small number of users in addition to usernames and email addresses. Users’ billing addresses have also been leaked.

Discord.io has temporarily disabled all its services ‘for the foreseeable future’. On the service’s website there is only information about the incident. Discord.io is a popular invitation service for the chat app of the same name, but is otherwise separate from it.

The data breach appeared on the Breached forum, which restarted earlier this year after the site was taken down. The leak was spotted by, among others Information Leaks on Telegram, which monitors major data breaches. The information has appeared on Breached Forums with four examples from the database to prove its authenticity, but it is unknown if the actual database has been made public or has already been sold. According to Discord.io, there are no signs of this yet. The agency says it has had no contact with the attackers.

The hackers stole the data of about 760,000 users. In any case, usernames, Discord IDs and email addresses have been stolen. In addition, data has been stolen that Discord.io does not consider sensitive. These include the internal user ID, statuses and registration dates. Hashed and salted passwords have also been stolen from a ‘small number of users’. This only applies to users who had an account from before 2018 and where Discord was not offered as a login method. Billing addresses were also allegedly stolen from a small number of users. That was only the case if users had made a purchase before Discord.io switched to Stripe. However, the company does not say when that happened.