π¨ Your Discord Chats Are Leaked. And They’re for Sale on Hacker Forums π¨
Greetings, HackingBlogs readers.
The news today discusses into an alarming breach of digital trust: more than 348 million Discord messages have reportedly been stolen and are being sold on a well-known site for cybercrime.
This data dump, which was gathered from about 1,000 public servers, contains user IDs, usernames, message contents, and more. It covers almost a year’s worth of talks between users in the US, France, and Russia. Even while the information does not contain any private messages, the scope and organization of this breach allow for unimaginable amounts of targeted abuse, extortion, and mass spying.
βIt makes it easier to look through someone’s message history on a lot of public servers at once.β
Cybernews researcher Aras Nazarovas
Whatβs in the leak?
- User IDs
- Usernames & Nicknames
- Message contents
- Guild, Channel, & Message IDs
- Timestamps
- Even replies, all indexed and searchable
The samples’ validity has been verified by the security researchers at Cybernews; thus far, there are no warning signs of fraud. This is not only jumbled, raw data. It is indexed and well-structured, which makes it shockingly simple to link talks to certain people.
Let Take Some Flashback: Discord Spy.pet Incident
This isnβt the first time Discord has been at the center of a large-scale data scraping controversy.
A website called Spy.pet gained popularity around the beginning of 2024 for gathering and indexing billions of public conversations from Discord servers. Additionally, users’ aliases, pronouns, and linked accounts (such as GitHub and Steam) were cataloged. Spy.pet promoted a “enterprise package” for those wishing to conduct mass surveillance or train AI models, and they sold this data for cryptocurrencies.
Among its clients? Even government agencies, too.
Spy.pet was finally taken down by Discord, but not before causing a great deal of harm. Much of the material on the website, which had been up for months, was openly shared by malicious actors, including well-known forums like Kiwi Farms, which were famous for their online harassment of women and LGBTQ+ users.
Your communications may be included in this dataset if you have engaged in any public Discord servers in the past year, particularly if you are situated in the United States, France, or Russia.
This kind of exposure might result in identity access through usernames and behavior, even if you did not disclose anything “sensitive.” campaigns of harassment motivated by past posts, damage to one’s reputation from comments that are not relevant, Possible blackmail in the event that data is altered or abused
