Discord.io Breach Caused By A Vulnerability In Website’s Code


Discord.io experienced a significant data breach on the 14th of August 2023 that puts the privacy of about 760K consumers’ data at risk.

The platform revealed the massive data breach on August 15th, claiming it was “stopping all operations for the foreseeable future.”

The Discord.io breach was caused by a flaw in the website’s code, which allowed an attacker to obtain access to the database.

“We are still investigating the breach, but we believe that the breach was caused by a vulnerability in our website’s code, which allowed an attacker to gain access to our database,” Discord.io said in its notification.

“The attacker then proceeded to download the entire database and put it up for sale on a 3rd party site”.

Information Disclosed in the Breach

Non-sensitive information:

  • Internal user ID
  • Information about your avatar
  • Status (moderator/admin/has ads/banned/public/etc)
  • Coin balance, and current streak in our free minigame.
  • API key (this does not give access to your account, and was only available to less than a dozen users).
  • Registration date.
  • Last payment date and the expiration date of your premium membership.

Sensitive information:

  • Username
  • Discord ID
  • Email address
  • Billing address
  • The salted and hashed password

All payments are handled by PayPal and Stripe, and Discord.io does not keep any payment information. Therefore, the payment information was not disclosed.

For users who joined the site before 2018 using a previous username/password registration, Discord.io strongly advises you to change your password on any other site that may have used the same password.

Because Discord.io stopped all operations, they have also canceled all ongoing memberships to the site. As a result, those users will not be charged again.

Those who acquired a premium membership within the previous 30 days will be fully reimbursed.

“We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again,” Discord.io said.

“This will include a complete rewrite of our website’s code, as well as a complete overhaul of our security practices.”
