Cyber Incident Victim: Discord

Date: Jul 2019

Location: United States of America

Summary

A group of hackers publicly released approximately 2,500 allegedly phished user credentials from a gaming chat platform, claiming they obtained the login data through a phishing site that exploited the platform's API rather than malware. The published database included both valid and invalid credentials, with verification attempts indicating many compromised email addresses were linked to active accounts. The attackers emphasized the simplicity of their method, criticizing the platform's security practices. The incident highlighted risks associated with phishing attacks targeting user authentication systems, though the scale of confirmed compromised accounts remained unclear due to the presence of fabricated entries in the dataset. The affected company did not immediately issue a public statement regarding the breach.

Description

In July 2019, hackers publicly released a database containing approximately 2,500 Discord user credentials obtained through phishing attacks. The attackers claimed they harvested the login information by creating fraudulent websites that mimicked Discord’s interface, exploiting the platform’s API to facilitate account hijacking. They emphasized that their method relied solely on social engineering rather than malware or technical exploits. The published data set was divided into sections categorizing allegedly valid and invalid credentials. Analysis revealed that many entries in the invalid category contained obviously fabricated details, such as the email "[email protected]" paired with the password "fucku," suggesting some targets intentionally submitted false information to disrupt the phishing operation.

Independent verification of the "valid" credential segment indicated a high proportion corresponded to active Discord accounts. Journalists attempted to register new accounts using email addresses from this portion of the leak but found most addresses were already associated with existing profiles, confirming the authenticity of many compromised credentials. The attackers did not disclose the exact timeframe during which the phishing campaign occurred or the specific number of accounts successfully breached. Discord did not issue an official statement regarding the incident prior to the publication of initial reports. The leak underscored the persistent risk of credential theft via phishing, particularly affecting platforms with large gaming communities like Discord, though the overall scale remained limited compared to broader industry breaches. No technical vulnerabilities within Discord’s infrastructure were implicated, as the compromise originated entirely from external phishing sites deceiving users into voluntarily submitting their login details.
