Discord started notifying users affected by a March data breach on Monday, about three months after the communications server went public about the attack in May. Of the 150 million monthly users that Discord reports to have, only 180 had sensitive information exposed in the attack, according to a data breach notification filed with the Office of the Maine Attorney General. That means if you’re a Discord user, you’re much more likely to be impacted by the Discord.io breach that impacted 760,000 users earlier this month, and ultimately led to the site shutting down.
Discord.io let Discord users make custom links for their channels. On August 14, a major data breach caused by a vulnerability in the website’s code let a third-party attacker steal information and put it up for sale on a breached data forum. That includes hashed passwords, billing information and Discord IDs.
“We have decided to take down our site until further notice,” Discord.io wrote in a post. The company plans a “a complete rewrite of our website’s code, as well as a complete overhaul of our security practices” as it looks for a way to mitigate the breach and prevent future problems.
This is different from the Discord breach that the company may have reached out to you about this week. A separate incident, affecting Discord and not the separate Discord.io entity, happened earlier this year when an unauthorized user gained access to Discord data via a third-party service provider. The hacker stole data on service tickets, which included personal information like driver’s license numbers, for 180 users. Discord is reaching out via email to let impacted users know about the incident, and offering credit monitoring and identity theft protection services to prevent further damage.
“Discord is not affiliated with Discord.io. We do not share any user information with Discord.io directly and we do not have access to or control of information in Discord.io’s custody,” a Discord spokesperson said. “We are committed to protecting the privacy and data of our users and encourage our users to enable Two-Factor Authentication (2FA) to help keep their accounts protected, and consider SMS Authentication.”
Source: www.engadget.com