In a concerning breach of privacy, an internet-scraping company, Spy.pet, has been exposed for selling private data from millions of Discord users on a clear web website. The company has been gathering data from Discord since November 2023, with reports indicating the sale of four billion public Discord messages from over 14,000 servers, housing a staggering 627,914,396 users.
How Does This Breach Work?
The term "scraped messages" refers to the method of extracting information from a platform, such as Discord, through automated tools that exploit vulnerabilities in bots or unofficial applications. This breach potentially exposes private chats, server discussions, and direct messages, highlighting a major security flaw in Discord's interaction with third-party services.
Potential Risks Involved
Security experts warn that the leaked data could contain personal information, private media files, financial details, and even sensitive company information. Usernames, real names, and connected accounts may be compromised, posing a risk of identity theft or financial fraud. Moreover, if Discord is used for business communication, the exposure of company secrets could have serious implications.
Operations of Spy.pet
Spy.pet operates as a chat-harvesting platform, collecting user data such as aliases, pronouns, connected accounts, and public messages. To access profiles and archives of conversations, users must purchase credits, priced at $0.01 each with a minimum of 500 credits. Notably, the platform only accepts cryptocurrency payments, excluding Coinbase due to a ban. Despite facing a DDoS attack in February 2024, Spy.pet claims minimal damage.
How To Protect Yourself?
Discord is actively investigating Spy.pet and is committed to safeguarding users' privacy. In the meantime, users are advised to review their Discord privacy settings, change passwords, enable two-factor authentication, and refrain from sharing sensitive information in chats. Any suspected account compromises should be reported to Discord immediately.
What Are The Implications?
Many Discord users may not realise the permanence of their messages, assuming them to be ephemeral in the fast-paced environment of public servers. However, Spy.pet's data compilation service raises concerns about the privacy and security of users' conversations. While private messages are currently presumed secure, the sale of billions of public messages underscores the importance of heightened awareness while engaging in online communication.
The discovery of Spy.pet's actions is a clear signal of how vulnerable online platforms can be and underscores the critical need for strong privacy safeguards. It's crucial for Discord users to stay alert and take active measures to safeguard their personal data in response to this breach. As inquiries progress, the wider impact of this privacy violation on internet security and data protection is a substantial concern that cannot be overlooked.
