Discord.io, a third-party service that allowed users to find and share servers for the voice, video and text chat app Discord, is shutting down following a data breach.
In a post on its website, Discord.io said it suffered a “major data breach” on Monday night resulting in content from the database being leaked to “unknown actors.”
“We were made aware of the breach later on in the day, and after confirming the content of the breach, we decided to shut down all services and operations,” it said.
“We are still investigating the breach, but we believe that the breach was caused by a vulnerability in our website’s code, which allowed an attacker to gain access to our database. The attacker then proceeded to download the entire database, and put it up for sale on a [third] party site,” Discord.io wrote.
TechRadar reported that a hacker stole the data of 760,000 users, and posted a sample on Breached Forums in order to potentially sell it.
Non-sensitive information about accounts was leaked, including internal user IDs, information about avatars, statuses, coin balances and streaks in its free minigame, API keys, registration states, and the last payment date and expiration date of premium memberships.
Some potentially sensitive information about accounts was also impacted, including usernames, Discord IDs, email addresses, billing addresses and salted and hashed passwords.
Addresses and salted and hashed passwords “should only concern a small number of people,” the notice said.
Discord.io said it does not store any payment information and that all payments are processed using PayPal and Stripe.
The site will remain down “until further notice.”
“We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again,” Discord.io said. “This will include a complete rewrite of our website’s code, as well as a complete overhaul of our security practices.”
Users who signed up on the site before 2018, using the previous username and password registration, are urged to change their passwords on any other site where they might have used the same password.
As Discord.io only stores user IDs and not Discord authentication tokens, there is no need to change passwords or take any other action on Discord itself.
All active subscriptions on Discord.io have been canceled. Subscribers will not be charged again, and those who purchased a premium membership within the last 30 days will receive a full refund.