Is Discord Safe? Discord Data Breaches and User Privacy Concerns

Data breaches pose the most significant risks to our data. Despite the strict measures companies follow to encrypt and protect user data, sometimes the worst-case scenario happens, and you have been alerted that your data has leaked online.

Many companies, from healthcare to social media, have been victims of data breaches. One of those major companies that made the list is Discord. Therefore, we will examine how the Discord data breach happened and why Discord’s privacy policies are causing user concerns.

In an age where protecting our data is more critical than ever, let’s learn what makes Discord so popular, despite its data practices, and also why protecting your data with companies like Internxt is imperative in this age of cyberattacks.

Table of contents

1. What is Discord?
2. Why is discord so popular?
3. How did the Discord data breach happen?
4. Discord privacy and security issues
5. Alternatives to Discord
6. Avoiding a future Discord breach

What is Discord?

Discord is a popular app that combines social media and internet forums. It gives users a platform for instant messaging via voice calls, video calls, text messaging, and media and file sharing in different communities, called servers.

Although primarily used as a platform for gamers to live stream their gaming sessions, Discord covers a variety of interests and communities, from music, films, finance, and education.

Why is Discord so popular?

Despite the past Discord data breach, it remains a popular platform due to its many features:

• Voice chat, video chat, and text chat: Discord allows users to communicate through voice chat, video chat, or text chat, offering flexibility based on preference and situation.
• Servers: Discord is organized into servers, like virtual communities dedicated to specific topics, games, or groups of people. Users can join multiple servers based on their interests.
• Screen and file sharing: Discord allows users to share their screens for live video tutorials or video game walkthroughs and also file sharing for documents, files, or videos on servers.

However, the Discord platform is still far from perfect. Although It has over 170 million active users, there are still issues regarding its privacy policies.

How did the Discord data breach happen?

In March 2023, the Discord data breach happened due to a vulnerability in the website code, allowing an attacker to access its database. As a result of the Discord data breach, around 180 users had their sensitive information exposed, according to a notification filed with the Office of the Maine Attorney General

This data breach led to:

• Exposed data: passwords, billing information, and Discord IDs were all at risk of being leaked.
• Impact: The severity of the impact depends on whether the passwords were hashed correctly (one-way encryption) and how users handled their passwords. Weak passwords or reused passwords across multiple platforms could be at higher risk.
• Response: Discord took down its website to investigate the breach and implement security improvements. They also encouraged users to change their passwords.

Weak passwords are one of the main reasons that can cause a data breach, so good password management and enabling Two-Factor Authentication (2FA) are an excellent foundation to protect your online accounts.

While all data breaches are serious, if you’re a Discord user, chances are you were affected by another Discord data breach that had a greater impact on Discord users.

Discord.io data breach

Discord.io was a third-party party service that let users create custom links with their visual branding. The discord.io data breach affected over 760,00 users in August 2023, and they have since stopped all their services for the foreseeable future.

The breach was discovered in a popular telegram channel called “Information Leaks” after an anonymous user posted an advert on the dark web. The ad was selling a database containing the sensitive information of 760,000 discord.io users.

The anonymous seller used the alias Akhirah and verified the stolen data by sharing the records of leaked user data as authenticity. The company verified the legitimacy of this Discord data breach and notified users of the attack.

The leaked database reportedly included a variety of user information, such as:

• Usernames,
• Email addresses,
• Hashed passwords (uncertain if strong hashing methods were used),
• Partial IP addresses.

In response, a Discord spokesperson said,

“Discord is not affiliated with Discord.io. We do not share any user information with Discord.io directly and we do not have access to or control of information in Discord.io's custody”.

They follow up this statement by saying,

“We are committed to protecting the privacy and data of our users”

But how true is that statement? And are you at risk of a Discord data breach? Let’s find out.

Discord privacy and security issues

While there has only been a small incident of a Discord data breach in the past, the platform still has the potential for other cybersecurity risks from other users that could damage your online privacy.

Spreading malware

Discord allows users to share links and files. As a result, malicious actors can exploit this by sharing links to malware-infected files or websites disguised as legitimate content. This is especially risky on servers with lax moderation or many unknown users.

Furthermore, Discord allows users to chat privately via direct messages. This increases the potential for social engineering techniques that could lead to them sending you more harmful links and sharing personally identifiable information that could lead to doing.

As with the past discord.io breach, Discord allows third-party bots on servers. While these can be useful, some can be designed to steal data or spread spam if the private server does not sufficiently moderate them.

For parents, there are also concerns regarding cyberbullying, so an awareness of how to protect your kids online is also a huge concern for young people using the platform.

Privacy concerns

When you sign up for Discord, you are signing up for a platform and permitting them to collect the following information:

• Basic User Information: This includes your username, email address, and IP address. This information is essential for creating and managing your account and identifying you on the platform.
• Content You Share: Anything you share on Discord, including text messages, voice chats, images, and videos, is stored by Discord. This allows you to access and reference past conversations and content.
• Usage Data: Discord tracks how you use the platform, such as the servers you join, channels you participate in, and features you use. This data can be used to improve the platform and personalize your experience.

Discord may retain some data even if you delete your Discord account. This may include information required for legal or security purposes, such as IP logs related to potential abuse. However, Discord's policy states they will delete any personally identifiable information (PII) associated with your account within a certain timeframe after deletion.

Discord privacy settings

To avoid the possibility of a Discord data breach in the future, you can familiarize yourself with Discord's privacy policy and manage your privacy settings in the app. Here are some you can set for your Discord account for additional privacy:

• Who Can Direct Message You: This setting allows you to control who can send you private messages. Options include "Everyone," "Friends only," or "No one."
• Appearance: Avoid using a picture of yourself; opt for a generic, anonymous version instead.
• Privacy Settings (Voice & Video): Manage who can see you when you're online, hear your microphone, or see your camera.

Alternatives to Discord

If you want a more private solution to Discord, several options are available to avoid a Discord data breach from the platform or third-party vendors.

Element

Element is a decentralized end-to-end encrypted messenger and secure collaboration app. Element prioritizes transparency and independent security checks by offering open-source code and end-to-end encryption by default, perfect for users who value privacy.

• Benefits: Open-source code allows for transparency and independent security audits. By default, it offers end-to-end encryption for messages and calls. Decentralized servers provide greater control over data storage.
• Drawbacks: Less user-friendly interface compared to Discord. A smaller user base may limit who you can connect with.

Matrix

Matrix is an open network for secure, decentralized communication to chat with friends, family, communities, and co-workers. Using Matrix as a messaging or voice call platform, you can secure your chats with end-to-end encryption.

• Benefits: The open network protocol allows for server hopping and increased customization. Messages and calls can be encrypted end-to-end, in line with Matrix's emphasis on user control and data ownership.
• Drawbacks: Setting up and configuring servers can be complex for beginners. Finding the correct server for your needs might require some searching.

Wire

Wire is an end-to-end encrypted messaging service offering instant voice messaging and video conferencing for up to 100 participants. Another attractive feature of Wire is that it is open source, so you can review its code to see how it secures your data.

Furthermore, it is also a zero-knowledge company, so not even Wire or anyone else can access your private information.

Benefits: Strong focus on privacy and security with end-to-end encryption by default. Clean and user-friendly interface similar to Discord. Wire also offers disappearing messages and self-destructing links for additional privacy.
Drawbacks: Wire requires a paid subscription for features like file sharing and international calls. Smaller user base compared to Discord.

Telegram

Telegram is a free messaging app similar to WhatsApp or Signal but with some key differences. It offers cloud-based storage for your messages and files, so you can access them whenever you log in. It also allows large group chats of communities of up to 200,000 people.

One thing to remember is that end-to-end encryption is not the default for Telegram. Still, you can enable secret chats and schedule messages to disappear after a specific time for more privacy in one-to-one direct messages.

• A Large user base makes connecting with existing contacts easier.
• Offers optional end-to-end encryption for chats (called "Secret Chats").
• Cloud-based storage allows access from multiple devices.

• Benefits: A Large user base makes connecting with existing contacts easier. Offers optional end-to-end encryption for chats (called "Secret Chats"). Cloud-based storage allows access from multiple devices.
• Drawbacks: End-to-end encryption isn't enabled by default and requires users to initiate "Secret Chats." Concerns exist regarding data security practices and potential government access.

Avoiding a future Discord breach

Discord retains your data if you are an active Discord user, but its privacy policy claims that it does not sell it.

While it is one of the most popular platforms for gamers and other communities, there is still a chance to switch to alternatives to Discord if you need a secure messaging platform.

Even so, whatever platform you use, to effectively protect yourself from a Discord data breach or any other cyberattacks, you must follow the basics of cybersecurity to drastically reduce the chance of your data falling into the wrong hands.