Discord.io suffers huge records breach, publicizes closure

Discord.io, a carrier that allowed users to construct custom links for his or her Discord channels, is closing down following a substantial records breach.

A hacker stole the records of 760,000 users, per TechRadar, and has posted a sample on Breached Boards so as to doubtlessly sell it. The discord.io location now shows a message announcing “we are stopping all operations for the foreseeable future”.

The third-get collectively carrier has broken down precisely what is and just isn’t if truth be told contained in the stolen records in a checklist.

What is contained in the breach:

• Non-silent records about your story:

  • Your inner particular person ID.

  • Details about your avatar.

  • Your residing (moderator/admin/has commercials/banned/public/and so on).

  • Your coin balance, and up-to-the-minute slither in our free minigame.

  • Your API key (this does not give get entry to to your story, and became as soon as only available to no longer as much as a dozen users).

  • Your registration date.

  • Your last payment date and the expiration date of your top rate membership.

• Doubtlessly silent records about your story:

  • Your username.

    • Both the one you supplied at signup, or, for most of you, your contemporary Discord username.

  • Your Discord ID.

    • This records is no longer non-public and can simply even be obtained by anybody sharing a server with you. Its inclusion in the breach does, on the other hand, suggest that other of us shall be in a field to link your Discord story to a given e-mail address.

  • Your e-mail address.

    • Both the one you supplied at signup, or, for most of you, your contemporary Discord e-mail address.

  • Your billing address.

    • This must only jam a small series of of us and corresponds to the billing address you gave us so as to construct a aquire on our location sooner than we started the utilization of Stripe.

  • Your salted and hashed password.

    • This must only jam a small series of of us from sooner than we completely offered Discord as a login possibility (initiating in 2018). Whereas your password became as soon as encrypted to industry standards, if it became as soon as no longer distinctive, we flee you to update any other location that will need ragged this password.

What is no longer contained in the breach:

• Something no longer explicitly listed above.

• Your payment particulars (those are saved safely by our partners Stripe and PayPal).

The carrier says it has cancelled unique top rate subscriptions. They add that they’ve yet to be contacted by the hacker, and as far as they know “the database itself has no yet been shared publicly”.