Jump to content

Discord Data Breach - Does this impact us?

Black Space

By Black Space
in General Discussion

 Share

Recommended Posts

Luminara

Luminara

Posted
Posted
9 minutes ago, Glacier Peak said:

I'm not a fan of clicking links, can you synopses this for me?

 

DB hacked, account information for ~750,000 users stolen,  Financial info handled by a different company so unlikely to be at risk.  Passwords likely still secure.  User names/IDs, e-mail addresses and residential info compromised.

  • Thanks 2

Get busy living... or get busy dying.  That's goddamn right.

Link to comment
Share on other sites
Without_Pause

Without_Pause

Posted
Posted

It might explain an uptick in my spam email, but I have filters for that sort of thing. It's all one click of 'Empty Folder' anyway.

Top 10 Most Fun 50s.

1. Without Mercy: Claws/ea Scrapper. 2. Outsmart: Fort 3. Sneakers: Stj/ea Stalker. 4. Waterpark: Water/temp Blaster. 5. Project Next: Ice/stone Brute. 6. Mighty Matt: Rad/bio Brute. 7. Without Pause: Claws/wp Brute. 8. Emma Strange: Ill/dark. 9. Nothing But Flowers: Plant/storm Controller. 10. Obsidian Smoke: Fire/dark Corr. 

 

"Downtime is for mortals."

Link to comment
Share on other sites
Scarlet Shocker

Scarlet Shocker

Posted
Posted

From the discord.io website:

 

Discord.io has suffered a data breach

On the night of the 14th of August, Discord.io suffered a major databreach, resulting in content from our database being leaked to unknown actors.
We were made aware of the breach later on in the day, and after confirming the content of the breach, we decided to shut down all services and operations.

What happened?

We are still investigating the breach, but we believe that the breach was caused by a vulnerability in our website's code, which allowed an attacker to gain access to our database. The attacker then proceeded to download the entire database, and put it up for sale on a 3rd party site.

What data was leaked?

Non-sensitive information about your account:
  • Your internal user ID
  • Information about your avatar
  • Your status (moderator/admin/has ads/banned/public/etc)
  • Your coin balance, and current streak in our free minigame.
  • Your API key (this does not give access to your account, and was only available to less than a dozen users).
  • Your registration date.
  • Your last payment date and the expiration date of your premium membership.
Potentially sensitive information about your account:
  • Your username
    • Either the one you provided at signup, or, for most of you, your current Discord username.
  • Your Discord ID
    • This information is not private and can be obtained by anyone sharing a server with you. Its inclusion in the breach does, however, mean that other people might be able to link your Discord account to a given email address.
  • Your email address
    • Either the one you provided at signup, or, for most of you, your current Discord e-mail address.
  • Your billing address
    • This should only concern a small number of people and corresponds to the billing address you gave us in order to make a purchase on our site before we began using Stripe.
  • Your salted and hashed password
    • This should only concern a small number of people from before we exclusively offered Discord as a login option (starting in 2018). While your password was encrypted to industry standards, if it was not unique, we urge you to update it on any other site where it might be similar.

Discord.io does not store any payment information, and all payments are processed through PayPal and Stripe. We do not store any payment information on our servers, and this information was not leaked.

What are we doing about this?

We have decided to take down our site until further notice.

We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again.
This will include a complete rewrite of our website's code, as well as a complete overhaul of our security practices.

What should you do?

As we only stored your Discord user-id, and not your Discord authentication token, there is no need to change your password or take any other action on Discord itself.

However, if you signed up on our site from before 2018, using our previous username/password registration, we urge you to change your password on any other site that might have used the same password.

What about my premium membership?

As we have shut down all operations, we have also canceled all active subscriptions to our site. As such, you will not be charged again.

If you have purchased a premium membership in the last 30 days, we will refund you in full.
Please contact us at [email protected] with your username and the email address you used to make the purchase.
We will then process your refund as soon as possible.

 

 

The Ghost Slaying Axe. The very best there is. When you absolutely, positively got to kill every motherspectre in the room, accept no substitutes.

 
Link to comment
Share on other sites
  • Game Master
GM Crumpet

GM Crumpet

Posted
  • Game Master
Posted

Talking to our admins it's not a Discord issue, so unless you actively have an account with Discord.io you are fine. If you do have a discord.io then obviously make sure you change your passwords on anything (not just Discord) that might possibly use the same password.

 

  • Thanks 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...