this post was submitted on 14 Aug 2023
356 points (97.8% liked)

Technology

59207 readers
3055 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
356
The data of 760,000 Discord.io users was put up for sale on the darknet (stackdiary.com)
submitted 1 year ago* (last edited 1 year ago) by skilledtothegills@lemmy.world to c/technology@lemmy.world
10 comments fedilink hide all child comments
 

An unidentified individual has listed the data of 760,000 Discord.io users for sale on a darknet forum. This discovery was brought to light by the "Information Leaks" Telegram channel, associated with the Russian service for tracking vulnerabilities, data leaks, and monitoring fraudulent online resources.

For clarity, Discord.io is a third-party interface tailored for the widely-used Discord messenger. The offered database comprises details like email addresses, hashed passwords, and other user-specific data.

you are viewing a single comment's thread
view the rest of the comments
[–] skilledtothegills@lemmy.world 34 points 1 year ago (1 children)

I'm actually curious where did they got the passwords from? Discord.io looks to be using Discord itself for authenticating users, but I myself have never used the service so I have no idea.

[–] originalfrozenbanana@lemm.ee 21 points 1 year ago (1 children)

Depending on how that authentication handshake is implemented secrets can be leaked. It could be a security flaw on Discord’s side that Discord.io has access to via SSO, or it could be that Discord.io stores username and password for some reason.

[–] ipkpjersi@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

Yeah but there's a big difference between tokens that can easily be revoked and what could be potentially plain-text passwords.

edit: Okay, so it sounds like they had their own account system back in 2018 separate from Discord. That makes more sense.