Discord.io was/is a third party service that enables owners of Discord servers to create customized, personal Discord invites. After a preview of Discord.io’s users database was posted on BreachForums, the owners have decided to shut down all Discord.io services “for the foreseeable future.” Existing premium subscriptions have been canceled and discord.io promised to reach out as soon as possible on an individual basis.
The site confirms that there has been a data breach
The stolen information could include your discord.io username and your Discord ID, your email-address, your billing address, and a salted and hashed password if you signed up in 2018 or earlier. (In 2018 discord.io started to exclusively offer Discord as a login option.)
Payment details are said to be safe because those are stored safely by the payment partners, Stripe and PayPal. Discord.io has confirmed the authenticity of the breach, by an entity acting under the name Akhirah.
It is important to know that Discord is not affiliated with discord.io, a spokesperson from Discord told Stackdiary:
> "Discord is not affiliated with Discord.io. We do not share any user information with Discord.io directly and we do not have access to or control of information in Discord.io’s custody."
Discord has revoked the oauth authentication tokens for any Discord user that has used Discord.io, so that app can no longer perform actions on behalf of those users until they re-authenticate. Affected Discord users should change their passwords and enable multi-factor authentication (MFA).
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
We don't just report on threats–we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.