Last week, journalist co-op 404 Media reported on Spy Pet, a site that was mining billions of Discord messages from nearly 620 million users and selling access to that data for as little as $5. After investigating the matter, Discord has announced that the accounts connected to that repository have been banned and the company is considering legal action.
Kotaku Goes Hands-On At The Apple Developer Showcase
According to an April 26 404 Media story, Spy Pet had been trawling roughly 14,000 Discord servers for a few months now, collecting tons of user data through “self-botting,” accounts operated by a program or script that automate actions—like user login attempts—which could disrupt the platform. Because Spy Pet was able to circumvent Discord’s processes, those accounts freely joined servers, including ones affiliated with games like Minecraft and Among Us, and scraped them for details like the other servers users were members of, their messages posted in those servers, and the voice channels they’d joined or left. Because Discord views self-botting as “platform abuse,” the online chatroom company is finally doing something about it.
In a statement to 404 Media, a Discord spokesperson said that scraping its services and self-botting are violations of the company’s Community Guidelines and Terms of Service. As a result, Discord has banned the accounts and is considering appropriate legal action.
“Our Safety team has been diligently investigating this activity, and we identified certain accounts that we believe are affiliated with the Spy.pet website, which we have subsequently banned,” the spokesperson said. “Based on our investigation, the accounts accessed Discord servers that were open and available for anyone to join or where the accounts had easy access to a valid invite link. Once in these spaces, these accounts could only access the same information as any other user in those servers.”
In addition to servers tied to games, Spy Pet bots also mined chatrooms connected to cryptocurrency. It doesn’t appear that Spy Pet could dig through a user’s private messages, but the fact that the bots could just grab so much info and compile it on a site to sell for cash is a bit terrifying. Funnily enough, before the site went down, 404 Media reports that Spy Pet advertised itself as a service for folks who wanted to track their friends (weird), law enforcement who wanted to buy user data (weirder), and anyone looking to train AI (the weirdest). Unfunnily enough, 404 Media found that Spy Pet had ties to the harassment forum Kiwi Farms, with Discord saying that it believes the owner of the bots is a member there.
Kotaku has reached out to Discord for additional comment.