Reported Discord data leak disputed by third-party service RestoreCard

RestoreCord challenges the alleged breach

A recent report claimed that a data leak involving nearly one million Discord user accounts was traced back to RestoreCord, a popular third-party backup service. The leaked data supposedly included timestamps, last-serving IP addresses, usernames, and Discord IDs. However, RestoreCord has firmly disputed these claims, stating that their systems were not compromised and that the assertions are baseless. The company clarified that a minor incident in November 2023 involved a staff member mistakenly sharing a limited set of IP addresses—fewer than 5,000—and that these IP addresses were randomly generated rather than actual user data. RestoreCord emphasized that their security measures remain robust and that the reported breach is not a reflection of their current infrastructure.

The controversy began when cybersecurity platform Leakd highlighted a file posted on BreachForums containing what appeared to be Discord user data. The file was uploaded by a user known as "Sythe" and claimed to hold information on nearly a million accounts. RestoreCord responded by contacting media outlets to correct the record, asserting that the data may have originated from other sources or been fabricated. The company also noted that the file had been circulating on hacker forums since last year, suggesting it was not a fresh breach.

What data was involved in the leak?

The leaked file reportedly included usernames, Discord IDs, IP addresses, and timestamps. While passwords and direct messages were not part of the data, the exposure of IP addresses and usernames could still pose risks. IP addresses can be used to approximate a user's geographic location, and combining that with Discord IDs opens the door to targeted phishing or doxxing attacks. RestoreCord, however, argues that the IP addresses in the file are not genuine user IPs but random values, reducing the potential harm. The company also stated that the number of affected users is far lower than the claimed million, likely under 5,000.

How does RestoreCord handle user data?

RestoreCord is a Discord bot designed to help server administrators back up and recover their servers. It claims to serve over 99 million members, including 100,000 paying customers, and backs up 55,000 servers. When users verify through the RestoreCord website, their IP address can be associated with their Discord username—a process that occurs outside the Discord API. This has raised privacy concerns among users, but RestoreCord maintains that they follow standard security practices and that the recent claims of a massive breach are unfounded.

Separating fact from fiction

The dispute highlights the challenges of verifying data breaches in the fast-moving world of online forums. While the file on BreachForums exists, its authenticity remains questionable. Cybersecurity experts advise caution: even if the data is old or partially fabricated, users should treat any leaked information as a potential threat. RestoreCord's proactive denial suggests they are taking the matter seriously, but users should still monitor their accounts for suspicious activity.

What Discord users should do now

Regardless of the dispute, Discord users can take steps to protect themselves. Enable two-factor authentication on your Discord account to add an extra layer of security. Be wary of unsolicited messages or emails that ask for personal information, especially if they reference your Discord ID or username. If you use third-party services like RestoreCord, review their privacy policies and data handling practices. Change your passwords regularly and avoid reusing passwords across platforms.

RestoreCord's response underscores the importance of third-party services being transparent about security incidents. While the company has denied a breach, users should remain vigilant and report any unusual activity to Discord's Trust & Safety team.