
This Website is Selling Billions of Private Messages of Discord Users

In a major privacy breach, private data, including private messages of millions of Discord users, is being sold on a clear web website. The website, Spy.pet, is an internet-scraping company that has been collecting data from Discord since November 2023.

So far, as seen by Hackread.com, it has sold four billion publicly accessible Discord messages gathered from 14,201 servers, which are home to 627,914,396 users.

While it is unclear who owns the website, the very nature of the data – scraped messages – suggests a potential security flaw in how Discord interacts with bots or third-party applications.

What Does “Scraped Messages” Mean?

Scraping is a method where automated tools extract information from a platform, such as Discord, by exploiting weaknesses in how bots or unofficial apps access and interact with the targeted platform.

This can expose private chats, server chats, and direct messages, revealing conversations between users or groups. Previously, scraped databases from Chess.com, Clubhouse, LinkedIn, Mastodon, and GETTR also surfaced online.

What Information is at Risk?

Security experts suspect that the leaked data from Discord chats could expose personal information, private photos and videos, financial details, and company secrets. Users’ usernames, nicknames, and real names could be included, and sensitive media could be shared.

Additionally, financial details could be a target for scammers, and company secrets, especially if Discord is used for business communication, could also be exposed.

How Does Spy.pet Operate?

Spy.pet is a chat-harvesting platform that collects user data through profiles containing known aliases, pronouns, connected accounts, Discord servers, and public messages. Users must buy credits (costing $0.01 each, with a minimum of 500 credits) to access profiles and archives of conversations, and to search for servers.

It accepts only cryptocurrency for payments, excluding Coinbase, which has banned Spy.pet. In February 2024, the platform was DDoS’ed, but the owner claimed minimal damage.

A screenshot from the website shows what it offers (Credit: Hackread.com)

How to Protect Yourself?

Discord is already investigating Spy.pet and is committed to protecting users’ privacy. The company plans to take appropriate steps if violations of its Terms of Service and Community Guidelines are found.

Meanwhile, to protect yourself from potential risks, review your Discord privacy settings and ensure only authorized applications have access to your data. Change your password, enable two-factor authentication, and be mindful of sharing personal information or sensitive content within Discord chats, even on private servers. If you suspect your account may have been compromised, report it to Discord immediately.
