A popular service that allowed people to create custom links for their Discord channels has suffered a massive data breach and says it will shut down operations “for the foreseeable future.”
Discord.io on Tuesday announced that hackers had penetrated its database on the night of August 14, taking large swaths of user data. The company, in its update, did not disclose how many users were impacted, but TechRadar reports some 760,000 members had their information compromised.
The hackers appear to have exploited a vulnerability in Discord.io’s web code. The site says it has gone offline “until further notice” as it investigates possible causes, and rewrites its website’s code and overhauls security practices.
Given the popularity of both the tool and Discord, along with the site’s decision to abruptly shut down, there’s a lot of confusion about this hack. Here’s what you need to know.
What data did the Discord.io hackers take?
Along with nonsensitive information, like user registration dates and last payment date, the hackers were able to gain a number of potentially sensitive details about users, including:
- Usernames
- Discord IDs
- Email addresses
- Billing addresses
- A small number of passwords
Payment information was not stored on the site, so doxing (publicly and maliciously providing personally identifiable information about a user), rather than financial fraud or identity theft, is the chief threat.
Is Discord.io the same as Discord?
No. Discord.io is a third-party service that lets people create custom invitations to join their Discord channels. Those personalized invitations often help build a community faster, as users didn’t have to manually search for it on the official Discord site.