Discord

Discord

A group of hackers published a list of email addresses and passwords they say they phished from users of the gaming chat platform Discord.

The list was small, totaling in at only around 2,500 logins, but the news still acts as a reminder that Discord users need to remain vigilant against phishing.

This was no virus, worm, or malware of any sort it was a simple old phishing site that utilized Discord's moronic API to hijack these accounts.

Along with their message, the hackers posted a database of the allegedly phished credentials, split into multiple sections of those that work and those that don't.

Source: https://www.vice.com/en/article/evye3a/hackers-publish-list-of-discord-email-addresses-passwords-login-credentials

TPRM report: https://scoringcyber.rankiteo.com/company/discord

"id": "dis154330323",
"linkid": "discord",
"type": "Data Leak",
"date": "07/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 2500,
                        'industry': 'Gaming Chat Platform',
                        'name': 'Discord',
                        'type': 'Company'}],
 'attack_vector': "Phishing site exploiting Discord's API",
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 2500,
                 'personally_identifiable_information': ['Email addresses'],
                 'type_of_data_compromised': ['Email addresses', 'Passwords']},
 'description': 'A group of hackers published a list of email addresses and '
                'passwords they say they phished from users of the gaming chat '
                'platform Discord. The list totaled around 2,500 logins. The '
                "hackers utilized a phishing site that exploited Discord's API "
                'to hijack these accounts. The database of phished credentials '
                'was split into sections of those that work and those that '
                "don't.",
 'impact': {'brand_reputation_impact': 'Reminder for users to remain vigilant '
                                       'against phishing',
            'data_compromised': ['Email addresses', 'Passwords']},
 'initial_access_broker': {'entry_point': 'Phishing site'},
 'lessons_learned': 'Discord users need to remain vigilant against phishing.',
 'post_incident_analysis': {'root_causes': "Phishing site exploiting Discord's "
                                           'API'},
 'threat_actor': 'Group of hackers',
 'title': 'Phishing Attack on Discord Users',
 'type': 'Phishing',
 'vulnerability_exploited': "Discord's API"}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.