Discord.io, a third-party service used for sending Discord invites, yesterday experienced a data breach that exposed information for 760,000 members and prompted a temporary shutdown of the popular platform for the foreseeable future.
The threat actor is currently unknown, and a Discord.io admin said in a post on the site that they "believe that the breach was caused by a vulnerability in our website's code, which allowed an attacker to gain access to our database." That access allowed the threat actor to download the entire database and then put it up for sale on a third-party website.
Both sensitive and nonsensitive information was leaked in the breach, such as usernames, Discord IDs, email addresses, billing addresses, and passwords as well as coin balances, API keys, registration dates, internal user IDs, and more. The site does not store any payment information on its servers.
Discord.io shut down all operations, which means all active subscriptions and premium memberships have been cancelled. The site recommends that users who were on the site prior to 2018 change their password if the same one is shared on any other site.
"We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again," the company stated in an update on its website. "This will include a complete rewrite of our website's code, as well as a complete overhaul of our security practices."