Discord Halts Operation After Hackers Steal Data of 760k Users

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

In a public statement , Discord.io disclosed that it was shutting down its services for the foreseeable future as it had suffered a massive data breach. The attack had allowed the hacker to steal information of its 760,000 users.

Discord.io is not an official Discord website, rather it is a third-party service that allows Discord server owners to create personalized links for their channels.

Discord.io was made aware of the breach after the hacked database was found to be for sale on the new Breached hacking forums. The new third-party forum is the rebirth of the infamous cybercrime marketplace famous for selling and buying hacked databases.

The stolen information included sensitive details like, all users’ usernames, email addresses, and Discord IDs. Some users’ billing addresses as well as salted and hashed passwords have also been stolen. Discord.io assured its members that as the company does not store any user’s financial information on its servers, thus, this data was not exfiltrated.

Non-sensitive information like, internal user ID, registration data, coin balance, user status, API keys, etc., was also accessed by the attacker.

On confirming the authenticity of this data, Discord.io announced that it had canceled all active subscriptions and would be refunding members who had purchased premium subscriptions in the last 30 days.

In addition, its own investigation revealed that the breach was caused by a vulnerability in its website’s code, which allowed the attacker to access and download the entire user data.

Moreover, Discord.io assured its members that, ‘’We will continue to investigate the possible causes of the breach, and we will take steps to ensure that this does not happen again. This will include a complete rewrite of our website’s code, as well as a complete overhaul of our security practices.’’

Discord.io explained that the exposure of such information creates potential risks for compromised individuals, especially in the form of phishing attacks. It also makes it possible for others to link an individual’s Discord account to a given email address.

Colorado Department of Health Care Policy & Financing Discloses Massive Data Breach

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

In recent months, millions of Americans have been affected by data breach incidents involving healthcare organizations. The Colorado Department of Health Care Policy & Financing (HCPF) revealed that personal and health information of around 4.1 million individuals was compromised in a MOVEit-related data breach attack.

The government department is responsible for managing the Health First Colorado (Colorado’s Medicaid program), Child Health Plan Plus (CHP+), and other health programs for citizens with disabilities, the elderly, and low-income families.

In the notice, HCPF said that the incident did not directly impact its systems, rather the data compromise happened because of IBM, which is one its vendors. IBM utilizes the MOVEit application to transfer certain HCPF files. The breach is said to have occurred on or about May 28.

On being notified by IBM, the state agency launched an immediate investigation to confirm whether any of its systems had been impacted, and to determine if any personal or/and health data of the citizens had been accessed by the threat actors.

‘’While HCPF confirmed that no HCPF systems or databases were impacted, on June 13, 2023, the investigation identified that certain HCPF files on the MOVEit application [..] were accessed [..]. These files contained certain Health First Colorado and CHP+ members’ information,’’ the notice revealed.

The extracted information included personal information like few individuals’ full name, date of birth, home address, Social Security Number, demographic or income information, health insurance details and diagnostic, medication, treatment information.

According to the department, 4,091,794 individuals have been impacted by this incident. HCPF has per the government guidelines has informed the impacted people and the concerned regulatory division, i.e., Maine Attorney General’s office. It is also providing two years of credit monitoring services through Experian.

Earlier this month, the Colorado Department of Higher Education (CDHE) had disclosed a similar MOVEit unrelated data breach incident that had compromised student and faculty information.