It’s easy to get the impression that Discord chat messages are ephemeral, especially across different public servers, where lines fly upward at near-unreadable pace. But someone claims to be catching and compiling that data and is offering packages that can track more than 600 million users across more than 14,000 servers, ArsTechnica reported.
Joseph Cox at 404 Media confirmed that Spy Pet, a service that sells access to a database of purportedly 3 billion Discord messages, offers data “credits” to customers who pay in bitcoin, ethereum, or other cryptocurrency.
Searching individual users will reveal the servers that Spy Pet can track them across, a raw and exportable table of their messages, and connected accounts, such as GitHub. Ominously, Spy Pet lists more than 86,000 other servers in which it has “no bots,” but “we know it exists.”
As Cox notes, Discord doesn’t make messages inside server channels, like blog posts or unlocked social media feeds, easy to publicly access and search But many Discord users may not expect their messages, server memberships, bans, or other data to be grabbed by a bot, compiled, and sold to anybody wishing to pin them all on a particular user.
404 Media confirmed the service’s function with multiple user examples. Private messages are not mentioned by Spy Pet and are presumably still secure.
PCMag compared to other messaging apps like Instagram or Snapchat, Discord has historically allows bots and third-party tools to proliferate on its platform. But one surveillance tool, SpyPet, is tracking Discord users across the servers they’ve joined and provides details logs of all messages sent on servers for a starting price of about $5 worth of crypto.
Regardless of SpyPet’s scope, its platform and others like it still pose obvious user privacy and safety concerns. It also goes against Discord’s Terms of Service, which states that no one can scrape Discord’s data without the company’s written permission. Unfortunately, tools like SpyPet could be used to spy on Discord friends and help stalkers, bullies, or bad actors harm existing Discord users.
“Discord is committed to protecting the privacy and data of our user,” a Discord spokesperson tells PCMag. “We are currently investigating this matter. If we determine that violations of our Terms of Service and Community Guidelines have occurred, we will take appropriate steps to enforce our policies. We cannot provide further comments as this is an ongoing investigation.”
Engadget reported for as little as $5 in cryptocurrency, Spy Pet lets you access data about specific users, such as which servers they participate in, what messages they’ve sent and when they joined or left voice channels. It claims to have information on an alleged 600 million users across 14,00 Discord servers and three billion messages.
As for what inspired SpyPet, its creator suggested its a classic case of doing what one enjoys and pushing personal boundaries. “I like scraping, archiving, and challenging myself,” the creator told 404 Media. “Discord is basically the holy grail of scraping, since Discord is trying absolutely everything to combat scraping.”
In my opinion, those of you who run a Discord server might want to take the time to lock it down for now, at least until Discord figures out who the scraper is and kicks them out forever.