I’m actually curious where did they got the passwords from? Discord.io looks to be using Discord itself for authenticating users, but I myself have never used the service so I have no idea.
I apologize. I included an image in the submission and it seems it hijacked the URL. I’ve edited the submission to include the link.
The breach has now been confirmed by the Discord.io team and the article has been updated to reflect this.