The data of 760,000 Discord.io users was put up for sale on the darknet

Submitted ⁨⁨1⁩ ⁨year⁩ ago⁩ by ⁨skilledtothegills@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://stackdiary.com/the-data-of-760000-discord-io-users-was-put-up-for-sale-on-the-darknet/

An unidentified individual has listed the data of 760,000 Discord.io users for sale on a darknet forum. This discovery was brought to light by the “Information Leaks” Telegram channel, associated with the Russian service for tracking vulnerabilities, data leaks, and monitoring fraudulent online resources.

source

Comments

Sort:hotnew top

ivenoidea@lemmy.world ⁨1⁩ ⁨year⁩ ago
Discord.imo, for anyone unsure like me, seems to be unaffiliated with Discord itself and simply a website to find Discord servers to join. It’s offline now.

source
- realbaconator@lemmy.world ⁨1⁩ ⁨year⁩ ago
  At first glance that’s what it looks like, but it’s good that your comment is the top for clarity.
  
  source
originalfrozenbanana@lemm.ee ⁨1⁩ ⁨year⁩ ago
The fact that the passwords are hashed is small comfort. It’s good for sure but potentially impacted users should still change their passwords and any accounts that share that password.

Don’t share passwords but if you do and yours is compromised attackers can use it to try and access other services. If you reuse the credentials and Discord.io uses some bad practices (like not salting their hashes) then you’re at risk.

source
krayj@sh.itjust.works ⁨1⁩ ⁨year⁩ ago
I know what discord is - because I use it daily. But what is discord.io? The article doesn’t really say what the relationship between discord.io and discord is, but they are using the official Discord logo and official Discord name in the article photo. What is discord.io and what’s the use case for using it?

source
- realbaconator@lemmy.world ⁨1⁩ ⁨year⁩ ago
  They provide a functionary service for discord servers to have URL redirects pointed at themselves for invites. So less average users and more power users/ servers owners are taking the hit here.
  
  source
skilledtothegills@lemmy.world ⁨1⁩ ⁨year⁩ ago
The breach has now been confirmed by the Discord.io team and the article has been updated to reflect this.

source
Mesaji@lemmy.world ⁨1⁩ ⁨year⁩ ago
Now that you know, these central platforms put everything in one place, not just Discord.io; the same is true for Discord itself. Discord.io simply provided hackers with a quicker means to collect entry points to various communities.

Blame can be attributed to centralized management, as all the invite links published on Discord.io allowed hackers to enter those communities and compromise members’ accounts one by one. This is because there was only one server for hackers to breach and gather personal information such as usernames, email addresses, IP addresses, and passwords.

Fortunately, I left Discord a long time ago and migrated to another platforms, like Lemmy here, WireMin, Session. WireMin is kinda popular in Russia, anyone knows about it? It is complete decentralized, so totally avoid the dataleak issue.

Dataleaks happens everyday, it is important chose what can be shared and what can’t be.

source