A massive data breach has shuttered Discord.io, an online messaging platform used by Discord members.
“On the night of the 14th of August, Discord.io suffered a major data breach, resulting in content from our database being leaked to unknown actors,” said a message on the website Tuesday (Aug. 15). “We were made aware of the breach later on in the day, and after confirming the content of the breach, we decided to shut down all services and operations.”
Discord.io allowed users to create custom links for their channels on Discord. Published reports Tuesday said the breach affected 760,000 users.
Despite their names, the two companies are separate entities, a Discord spokeperson told PYMNTS.
“Discord is not affiliated with Discord.io. We do not share any user information with Discord.io directly and we do not have access to or control of information in Discord.io’s custody,” the spokesperson said.
“We are committed to protecting the privacy and data of our users and encourage our users to enable Two-Factor Authentication (2FA) to help keep their accounts protected, and consider SMS Authentication.”
According to Discord.io, a hacker used a vulnerability in the site’s code to access and download its database and put it up for sale on a third-party site.
Stolen data included usernames and email addresses, as well as billing addresses and salted and hashed passwords. No payment information was leaked, Discord said.
A report earlier this week by the website Bleeping Computer said a hacker with the handle Akhirah was behind the breach, telling that publication their motive was beyond just financial game. Akhirah claimed Discord.io links to illegal and harmful content, and Akhirah wanted to pressure the service to take down that content by stealing the data and putting it up for auction.
“It’s not just about money, some of the servers they overlook [are] talking about pedophilia and similar things, they should blacklist them and not allow them,” Akhirah said, per the report.
PYMNTS has contacted Discord for comment but has not yet received a reply.
The breach comes at a time when 71% of businesses say they need additional digital fraud solutions, according to PYMNTS research.
“Fraudsters, as a general rule of thumb, tend to be very sophisticated and are always finding new ways to defraud individuals and businesses,” Doriel Abrahams, head of risk in the U.S. at fraud prevention provider Forter, told PYMNTS.
Abrahams explained that “the weakest link in the online payment journey is the human link” and stressed that while organizations often employ artificial intelligence (AI) and machine learning (ML) tools to train anti-fraud models and create robust controls, fraudsters have access to the same technology.