Be aware of new Discord hack/scam (RESOLVED)
4 years ago
Updated my journal
IMPORTANT UPDATE: Discord finally got their arses in gear and got my account back! About fucking time, it took them over a fucking week!
I've already posted a PSA on Twitter on the night that it happened but I'm going to post one here now that I have wiped all my drives and reinstalled Windows as a precaution. There's a pretty sophisticated auth token scam that's going around Discord and I got hit by it, which goes to show how sophisticated it is.
Context:
I was messaged by a server mutual who wanted playtesters for a game they've been developing. I know a few people who are trying to get into game dev, so I took the bait. The account was legit, belonging to a server mutual as mentioned previously, and the link they sent was to a legit itch.io page with a TotalVirus link for verification; a lot of effort went in to make this look very legit and above board. However, upon running the program, my Discord auth token was stolen along with my password and, due to Discord's shoddy security, they changed the email without prompting any sort of confirmation from either my original email or my 2FA. As of writing this, I'm still waiting for Discord to do anything about this attack or the loss of my account. I'm extremely frustrated at the lack of any real communication or even any sort of public service announcement from them officially warning about this new scam.
It has been over 24 hours since my account was stolen. Let this be a lesson to everyone who reads this: you can never trust anyone, not even friends or mutuals. Itch.io is now a minefield for this sort of thing; be aware and don't trust anything from that site anymore. If you see something similar to what I was sent, asking you to check out a game that a friend made, or that they made, or that they want to play with you, don't click it, and especially be aware that the hackers are able to mimic the speech of the people whose accounts they've stolen.
Thankfully I wrestled control of my Discord account back before they could change email or anything. Changed pass and enabled 2 factor. Doing a system restore point as we speak.
So if you got control of Discord back, you should be fine. The virus dumped its payload and left, all you need to do is system restore the fuckery it did to your registry files.
Glad to hear you got your stuff back at least!