Discord.io Shuts Down After Data Breach

Following a massive data breach, the owners of the Discord.io platform decided to take down the platform until further notice, leaving no indication of whether it will ever come back online.

Discord.io is a service that allows users to make custom links they can then post on Discord channels. And since Discord has such a large user base, the number of people using this third-party platform is also substantial. Around 760,000 users are affected.

Not every day do we see a service suspending its operations following a data breach. Discord.io decided to stop its services at least until an investigation takes place. To their credit, the website was pulled down very quickly after the data breach was discovered.

"On the night of the 14th of August, Discord.io suffered a major databreach, resulting in content from our database being leaked to unknown actors," said the owners of the service on their website. "We were made aware of the breach later on in the day, and after confirming the content of the breach, we decided to shut down all services and operations."

It hasn't been determined precisely how the hackers managed to compromise the website yet.It's believed criminals gained access to the database via a vulnerability in the website's code. The data leaked contained sensitive information and other types of data websites usually collect from their users.

Non-sensitive information about your account:

• Your internal user ID
• Information about your avatar
• Your status (moderator/admin/has ads/banned/public/etc)
• Your coin balance and current streak in our free minigame.
• Your API key (this does not give access to your account and was only available to less than a dozen users).
• Your registration date.
• Your last payment date and the expiration date of your premium membership.

Potentially sensitive information about your account:

• Your username - Either the one you provided at signup, or, for most of you, your current Discord username.
• Your Discord ID - This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address.
• Your email address - Either the one you provided at signup, or, for most of you, your current Discord e-mail address.
• Your billing address - This should only concern a small number of people and corresponds to the billing address you gave us in order to make a purchase on our site before we began using Stripe.
• Your salted and hashed password - This should only concern a small number of people from before we exclusively offered Discord as a login option (starting in 2018). While your password was encrypted to industry standards, if it was not unique, we urge you to update it on any other site where it might be similar.

Fortunately, the website doesn't store payment information as everything goes through PayPal and Stripe. It remains unclear whether the service will ever restart again, especially since the owners decided to offer refunds for premium memberships already paid.