Documentation of my experience with a hijacked account [SOLVED]
Hi all.
This post will just be a documentation of my personal experience with my hijacked discord account.
Throughout this documentation, I hope to be able to inform and reassure those who have unfortunately shared a similar situation to mine.
For more information regarding a ‘recently’ resolved case, I recommend checking out this post: https://www.reddit.com/r/discordapp/comments/17we7zu/discussion_my_current_experience_with_hacked
3/3/2024, GMT-8 (4/3/2024, GMT+10) - Account Hijack
It was 12 am. I was in the middle of a DnD session when I fell for the "Please help me test this game I'm working on" scam.
My discord started bugging, and instead of going to settings to reset my password, I passed it off as a simple bug, tried to restart and lost access to my account.
3/3/2024, 11:51 PM, GMT-8 (4/3/2024, GMT+10) - Initial Ticket Creation
Upon realising what had just happened, I immediately created a support ticket.
4/3/2024, 5:15 AM, GMT-8 (5/3/2024, GMT+10) - Discord Bot Response
Clyde:
Hey Apollofu15,
Thanks for reaching out. We're sorry to hear that you're having trouble with your account!
If you are still able to log in to your account or are still logged in, we recommend that you please reset your password. This will log you out of all other devices and sessions to secure your account. You can find instructions to reset your password and tips on how to protect your account below:
Reset Account Password
Four steps to a super safe account
If you are having trouble with two-factor authentication/multi-factor authentication on your account, you may remove 2FA from your account by using the backup codes that you were provided by Discord when you initially set up the two factor authentication. We recommend you re-enable 2FA and save your backup codes as soon as you can.
If you believe you have been hacked and cannot access your account after following the instructions above, please reply to this message and provide details with how and when you were hacked so that we can investigate further.
Please note this form is only for hacked accounts. If you have any other questions or concerns, please choose the appropriate support form option for your issue and submit a new ticket here.
Sincerely,
Discord Trust & Safety
As I was awake at the time, I immediately provide details of the situation, with a follow-up ticket containing information about my account (username/ID, phone number, payment methods, 2FA status)
4/3/2024, 9:48 PM, GMT-8 (5/3/2024, GMT+10) - Discord Bot Response
I receive a message from another bot
Obi Wan Kenobi:
Hello,
Thank you for providing the information about your account.
We’ve escalated your ticket for the team to look into further. Unfortunately, we are unable to give you an estimate time of our response or answer questions about your account, but our team is actively working on these requests.
Please note that submitting multiple reports regarding the same issue may hamper our team's investigation into your report, and slows down how quickly we can help other users.
Thank you for your patience and a team member will get back to you when they can.
Sincerely,
Discord Trust & Safety
Which I respond to shortly afterwards, thanking them for the response.
7/3/2024, GMT-8 (8/3/2024, GMT+10) - Ticket Bump
I bump my ticket, sympathising with the discord team and the number of tickets they have to intake, while trying to express my concern for the users in my friends list, and hoping that they'd see my position and increase my chances of resolution.
7/3/2024, 9:38 PM, GMT-8 (8/3/2024, GMT+10) - 2nd Ticket Bump
I update my ticket with more information regarding my account - that being name and online status change
7/3/2024, 9:53 PM, GMT-8 (8/3/2024, GMT+10) - Hijacker Harassment
The hijacker adds me on my backup and proceeds to spam me with 'carla who', of what meaning I know not.
8/3/2024, 9:17 AM, GMT-8 (9/3/2024, GMT+10) - Forum Post Creation
I create this forum post.
I plan to avoid further interaction with the hijacker and await discord responses, hoping that it won't take months.
I will update any progress as it occurs.
8/3/2024, 12:45, GMT-8 (9/3/2024, GMT+10) - Twitter Bump
I Direct Message @discord_support on twitter in hopes of getting a status update of ticket.
9/3/2024, 2:13 AM, GMT-8 (10/3/2024, GMT+10) - Twitter Response
@discord_support:
Hello there. Your ticket is currently still open in the correct queue, and a Trust and Safety team member will get back to you as soon as they can. The team is working through these tickets as quickly as they can. I don't have an ETA at this time, but you should receive a response soon. We genuinely appreciate your patience and understanding in the meantime, and if you need anything else please let us know.
11/3/2024, 9:05 AM, GMT-8 (12/3/2024, GMT+10) - Twitter Inquiry
I DM @discord_support on twitter again in hopes that they'd be able to shed some light on how my mobile 2FA was removed.
11/3/2024, 6:41 PM, GMT-8 (12/3/2024, GMT+10) - Twitter Response
@discord_support:
Unfortunately, our social team doesn't have any information regarding Discord accounts being hacked. That is handled exclusively by our Trust & Safety team for security purposes. I apologize for the delay in response to your ticket. Tickets are answered in the order they are received, the team will get to your request as quickly as possible. For security and privacy reasons, we’re not able to discuss account details from here.
13/3/2024, 11:53 PM, GMT-8 (14/3/2024, GMT+11) - 2nd Ticket Creation
I create another ticket to cancel my ongoing nitro subscription, to remove my payment methods from my hijacked account, and to speak to a support team member
13/3/2024, 11:53 PM, GMT-8 (14/3/2024, GMT+11) - Discord Bot Response
@Clyde immediately responds to me:
Hey there,
We’re sorry to hear about this situation.
If you have lost access to the email address associated with the Discord account you had described, we can look into assisting with any refunds that are eligible per our Refund Policy, removing your payment information, and canceling the subscription from the associated account.
Additionally, if you haven’t already, please provide the following details as we will need them to move forward:
- Last four digits of your credit/debit card:
- Date of most recent charge:
- Amount of most recent charge:
- Billing zip or postal code:
- Screenshot of this transaction on your billing statement:
On the other hand, if this occurred in PayPal, we'll need:
- Your PayPal account's email address that is associated with the charge:
- Date of most recent charge:
- Amount of most recent charge:
(If your PayPal account is associated with a different email, please submit a new ticket from the email associated with your PayPal account. To protect our users' privacy and security, we're only able to discuss account details with the email address associated with that account.)
Thank you, and please let us know if there's anything else.
Sincerely,
Discord Trust and Safety Team
I tell them that I don't want a refund, and only wish for the cancellation of my nitro, the removal of my payment methods, and to speak to a support team member.
14/3/2024, 4:28 PM, GMT-8 (15/3/2024, GMT+11) - Discord Response!
I get through to a staff member!
Though it was from a different branch that handles financial transactions.
Mary (Discord)
Mar 14, 2024, 09:28 PDT
Hey there,
Thank you for providing the requested information. Upon review, I have canceled the subscription and removed your payment information from the associated account.
Please note that the charge you indicated to us on your card ending in 1989 doesn't appear to be affiliated with our platform/app. I'm afraid that we won't be able to provide support for this transaction if this charge occurred outside of our billing system.
For reference, all purchases made within Discord will be labeled DISCORD* ItemName within credit/debit card statements (depending on how your bank renders this) and PAYPAL* DISCORD if completed through PayPal.
For more information, you can check out our Billing FAQ here:
https://support.discord.com/hc/articles/360017693772
I recommend reaching out directly to the vendor associated with this charge for further support.
Additionally, if you are still waiting to recover your account, please wait for correspondence through your other open ticket with our Account Security Team.
We apologize for the inconvenience here, but please let us know if you have any other concerns.
Best,
Mary
I thank them for their help, and try to raise awareness towards my account recovery ticket by stating that all I want is for my account email to be reverted and for a password reset email to be sent.
14/3/2024, 7:02 PM, GMT-8 (15/3/2024, GMT+11) - 2nd Ticket Closure
My ticket regarding my payment methods was closed.
I had reopened it by replying to the support agent that was assigned to me, but it seems that they've closed it again.
Hopefully my request was read and considered.
12 days have elapsed since my ticket creation, no agent has been assigned yet.
25/3/2024, 4:58 PM, GMT-8 (26/3/2024, GMT+11) - New Activity?
I was just browsing the forums and conducting another ticket checkup when I noticed the ticket activity changed from 22 days ago to 5 hours ago (4:58 PM GMT-8).
Hopefully this means that someone has viewed it and that I will be receiving a reply shortly?
I was on my way to create another support ticket, but will hold off for now in hopes of a reply.
10/4/2024, 5:49 AM, GMT-8 (11/4/2024, GMT+11) - New Ticket Creation
I decided to create and submit another ticket seeing as it has been a month already with no response.
This time, I tried to include all my info within the initial ticket creation (details of event, account ownership proof, discord pw emails, etc), as well as being more thorough with the details requested by the ticket.
10/4/2024, 5:49 AM, GMT-8 (11/4/2024, GMT+11) - Discord Support Email response
Got an entirely different ticket confirmation response from Clyde
##- Please type your reply above this line -##
Hey there,
Thank you for reaching out! Sorry to hear that you experienced this on our app.
**While our team investigates this, please read through the following points:**
1. If you created a new Discord account with the email that was previously associated with your hacked account, you will need to change the email on the new account to something else. That way the email address is available to be moved back to the original account.
- Follow the steps here to change the email address:
https://support.discord.com/hc/articles/4423385681175
2. Any unauthorized purchases on your account will be investigated and refunded accordingly.
3. If a new Discord account has been created without your permission using your email, please let us know right away.
4. Any updates or changes made to your servers, friends list, or messages are irreversible.
5. Double check and make sure all the information provided through the support form was accurate.
- If you are unsure about any of those details, please let us know in a reply.
In the meantime, please let us know if you have any questions. Our team will respond as soon as they can; we truly appreciate your patience.
Sincerely,
Clyde - Discord Support Bot
I replied to the email with a simple acknowledgement.
10/4/2024 08:09 PDT - Account Recovery
Holy miracle
Hello,
Our team conducted an investigation and have reverted your account back to your original email. We apologize for the delay.
During this investigation we temporarily suspended the account. You should have received an e-mail with steps on how to reset your password. Once you have reset your password, your account will be re-enabled.
Unfortunately, we are unable to revert any changes that were made to the account, such as changes to server permissions or messages sent.
If you haven't received the email yet, you can also use our forgot password feature available from the login page here: https://discordapp.com/login! You just need to type in your email address and then click "forgot password", and then you should get an email shortly with a link you can use to reset your Password! Here's a link with more information as well: https://support.discord.com/hc/articles/218410947
We recommend you make sure to have a strong password and enable two factor authentication on your Discord account! You can check out password managers like 1Password (Mac) or Dashlane (Windows) which make creating and storing secure passwords a breeze. Additionally, you can check out how to enable 2FA onto your Discord account through this link: https://support.discord.com/hc/articles/219576828
For future reference in protecting your account, here's some important tips to keep in mind:
- Be wary of clicking unfamiliar links (If you leave Discord by clicking on a link that brings you to an external site, it's possible that the website can access your personal information)
- Stay away from downloading unfamiliar files from anyone you don't know personally or trust!
- Group servers full of new people can be a great way to meet new people, but be careful about sharing personal information!
- Discord employees will never ever forever never ask you for your password or other personal information on text or voice chat.
- On that note, you can always ask us via Twitter or email if you're not sure. Better to be safe than sorry!
- Remember that any public announcement we would make will be broadcast across our official accounts, not heard second-hand!
If you have any questions, just let us know here.
Sincerely,
Discord Trust & Safety
Yup, I got my account back within minutes of sending in the ticket!
Thanks everyone who has accompanied me on this journey! I wish you the best of luck in your recovery process.
I'm always open to answer any questions you may have to the best of my ability.
-
Hi there. I am in the same position as you. It all started March 5th at 5:39pm when I was reached out to by one of my supporters via DM. It was a "try my game" malware scam which I unfortunately fell for along with 10 other of my friends. I have all of the evidence of the hacker's messages and people backing me up. I have not received any other message except for Clyde. I have not gotten any email from someone saying they're escalating my ticket. I assume they're getting a lot of requests and I understand, but I am afraid of my data being deleted within the 14-30 day span. I too am hoping discord sees my friends list and my server knowing how important it was to me.
My support ticket is #43676737. Please, help me and Alpha. This has affected a lot of people.
1 -
I also face the same issue, my ticket was still left open even after my account has been deleted. Hacker secretly token access my account and used my account to spam post illegal content, get me disabled and deleted with possible on watchlist. (Lost 1 year's worth of nitro and my IRL work).
Alpha
Welcome to the hard truth of Discord, where Discord support doesn't give a [Redacted] even if you pay for nitro or have no history of violating TOS, zero tolerance my [Redacted]
1 -
At least you got a response. I've been sitting here for over three weeks now, waiting for them to do anything. I'm in the same boat…. I even got the escalated message and talked to discord_support, all saying the same thing.
1 -
Moonstone Games
I'm genuinely sorry that you've had to wait for such an extended period of time.
Personally it's been quite stressful, seeing how discord was my main social platform.
The only responses that I got were the automated one from Clyde, the escalation message from Obi, and the twitter ticket status update from discord_support.
I don't know if they were from actual staff or not at this stage.
Out of curiosity, approximately when and how long did it take for you to receive your escalation message after you had replied to the automated bot message?
2 -
It was about 1 day after the bot message but then nothing after that.
2 -
Moonstone Games
Same case here.
Just really hoping that I get lucky or something…
Have you tried bumping your ticket yet? It's been way longer than a week.
0 -
This happened to me today. Same scenario, in fact the “game” they have you open is actually ransomware and does more than access your discord. I had the guy using my browser session deleting emails from discord support as well as soundcloud trying to cover up his tracks. Once I noticed this I pulled the plug on my pc, reformatted everything. Antivirus will not detect anything unless you have something that excels in zero-day exploit protection. This is a serious issue and just goes to show how terribly insecure your discord account is if it can be manipulated through a running process. To add some icing on the cake, they continued to use my account with my linked paypal making nitro charges until my paypal called me and blocked the charges. Not a peep from discord, and my account is still active and on a rampage. At this point discord is complicit with these criminals.
1 -
Tcresine
Yeah, not sure when they'll address the token vulnerabilities or the lack of support.
I think I got lucky and my hijacker only used a token logger/session stealer, as none of my other accounts were touched.
I've since wiped my browsers of sensitive data, moved logins to BitWarden, switched over to session keys over mobile 2FA, and am utilising 3rd-party software to wipe and store my discord token in an encrypted location.
1 -
Alpha I am doing the exact same with 2FA LMAO. That's crazy. Yeah I think I got lucky too. He only stole my discord password to charge $100 on nitro using my payment method. I had the charge reversed by the bank which is why I think Discord is not giving my account back. God knows how many other people were scammed.
1 -
Alpha may I ask how you're making your discord token more secure? I would love to do the same.
1 -
Spock’s Friday Nights
From what I have gathered, Discord stores your tokens in %appdata% within the Local Storage and Session Storage folders, which the token loggers supposedly read from.
I'm using a DiscordTokenProtector by andro2157 on GitHub, which wipes the Local/Session Storage folders and moves the contents to an encrypted location.
You can read more on the GitHub page, hope it helps!
0 -
It's pretty ridiculous that a company that's about to go public has this much trouble identifying and preventing privacy threats as blatant as this one, tailored and targeted to their customer base and leverages their own platform from start to finish lol.
1 -
Tcresine
Eh, I won't pretend to understand any of the corpo stuff, but hopefully once the public is involved, flaws like security and support will be forced to be addressed.
Other than that, there aren't really any social platforms quite like discord out there, so I'd say that they kinda are on top of the competition.
0 -
Update on my end:
The hacker is still joyriding with my account almost 24 hours now and contacting my friends that I was able to warn in advance. I've sent screenshots they took and provided to discord support case. Haven't received a response from a human since the case was opened, security team hasn't even batted an eye at the situation if they're even aware of it. Pretty sure the security and support team at Discord are just a bunch of Carl-bots with human nicknames at this point. I'd love for someone to prove me wrong lol
0 -
It's been 10 days since discord support's last response to me.
Honestly have no idea what the hijacker's doing with my account now
Their twitter @discord_support did respond to me 13 hrs ago tho, so maybe give that a try
0 -
I'm in the same boat as you guys, though I haven't had a reply for about a month and a half now. Everyone that I know of that has had accounts hacked has gotten a reply around the 2 month mark, so worst case scenario get ready for a long wait. I lost everything on my account day 22 because the person that stole mine sold it off to someone else.
I hope you guys manage to get a reply before I do.
0 -
A month and a half?! My condolences
Have you sent in another ticket or contacted discord on twitter yet?
I did get a reply after I responded to Clyde, but I don't know if it was an actual person or another bot escalating my issue.
0 -
Alpha I have tried contacting them on social media since the 9th last month, I have been ghosted on twitter completely. I did get a reply on facebook but they said that they can't help with anything related to your account for security purposes, that's solely handled by the trust and safety team.
I have not made any more tickets because doing so puts you in the back of the line of the queue again, so I'm just sitting and waiting for a “hopeful” reply soon. The only replies I have on my ticket are the 2 escalations from the first 2 days of it still.
Edit:
The replies you get when responding are bots, you'll know when it's a real person because it'll say their name on the right side of your ticket.
0 -
Hotaru
Ghosted on both post tags and DMs?
I'm honestly surprised that they have a Facebook page.
First 2 escalations? Do you mean the initial bot response, followed by the escalation confirmation that is supposedly sent by a team member?
0 -
Alpha I got an escalation from the bot Grimmjow and then another escalation from a bot called Nelly the next day. That's about it.
And yes they don't reply to anything, I have tried since the 9th last month on getting in contact with them on twitter but to no help. But tbh the more I research the more it wouldn't have mattered, as the social team on facebook said. The social teams have no power over people's accounts nor can they share any info regarding actioned accounts (as in you made a ticket for a hack or of the sort).
They will just tell you to be patient and that you'll get a reply soon, by soon they mean whenever they get to your ticket in the queue. It could be 1 week and it could be 3 months, it all depends on how many tickets they have to go through in that category.
Looking at my own reply time so far I'd say they are pretty filled up on tickets these days and even more now because of all the automatic bans that started happening a month ago.
1 -
Hotaru
So both Grimmjow and Nelly sent you something along the lines of this message?
Hello,
Thank you for providing the information about your account.
We’ve escalated your ticket for the team to look into further. Unfortunately, we are unable to give you an estimate time of our response or answer questions about your account, but our team is actively working on these requests.
Please note that submitting multiple reports regarding the same issue may hamper our team's investigation into your report, and slows down how quickly we can help other users.
Thank you for your patience and a team member will get back to you when they can.
Sincerely,
Discord Trust & Safety
This was sent to me by Obi Wan Kenobi, I'm unsure if it's a bot or not.
I also saw the post that you commented on where the OP got his account back via requesting for deletion, then speaking about the actual situation to the support agent they were assigned to.
Do you think that would be a viable course of action?
0 -
Alpha That's a bot reply, everyone gets these. It's just a way for them to verify your issue and send it into the queue system they got.
You can confirm whether it's a real person or not by looking top right of your ticket where you have the status of your ticket etc, there will be an extra thing there that will say “Assigned to *Name*”
This means your ticket has been assigned to a real person, it'll say their name there too. If you don't see any “assigned to” anywhere there then there's no one that has even seen it yet.
The message you posted is the exact same as the first one I got, it's their default bot reply.
To answer your other question, no. I would not recommend trying this, he was extremely lucky and managed to lie his way into tricking support to help him. If this fails then you can kiss your account goodbye for good, I know this sucks but I would just wait it out regardless of how long it's going to take them to get back to you.
The less tickets you make the quicker you'll get a reply, don't make any more regarding the same issue because you can risk your tickets getting not only put in the back of the queue but also auto flagged as solved.
0 -
Hotaru
That's how it works? Explains why I couldn't find the @ of Obi
Thanks for enlightening me
I'd really like to not wait months upon months, seeing as discord was one of my main social platforms
Really worried about the damage that was/is being done to those on my friends list
0 -
Alpha Did you have any badges on your account? Like Early Supporter or the likes?
If you had ANY badges, then he'll most likely sell it off to someone. If that happens then all your servers and people on your friend list will be wiped, that's what happened to mine after 22 days. Profile picture changed, username changed and name itself and he deleted and nuked all my servers and friends.
If you didn't have any badges on the account then it has no value for these kinda hackers, so they will most likely just use it to try and trick people on your friend list into doing the same that happened to you until they find someone that has an account worth selling.
They are looking for accounts with high value badges and accounts with credit cards connected to it to sell Nitro with your money. If you ran an exe then they most likely left some malware on the pc itself to log what you're doing and potentially gain access to even more sensitive accounts when you login to stuff yourself on the machine.
But the main thing most of these aim for is just your discord, but after going through what I went through and found out with my own machine I just nuked it and clean reinstalled windows because we found a rootkit that would constantly make 2 trojans on my machine over and over regardless of how many times we removed it.
Did a full windows reinstall with all partitions wiped to be completely sure, you can never be too sure when it comes to people like this. It might look like your discord was the only thing you lost but you never know if more than that has been compromised in the process.
0 -
Hotaru
No, just a running nitro subscription that I'll have to cancel if this stretches for too long.
I wrote up another post about my findings if you're interested in that
0 -
Alpha That's good to hear, but be careful if your card is still connected and running for renewal. If he buys Nitro and gifts it to someone (sells it) and you do a chargeback then you also lose your account because of ToS, I'd cancel it as soon as possible if I were you. He can see your card info on your account, I had nitro running from a 1 month free thing (I removed my card right afterwards again) so when I lost access there was nothing he could use. But I took the extra step to call my bank and get my card blocked and a new one sent, when it comes to my card and money in general I can never be too sure.
Especially after seeing how bad Discord security is, when he has access to your account then he can download all your personal data (ANYTHING) you have ever typed into discord including your credit card details. Yes for some reason it's as easy as going to settings then “Privacy & Safety”, at the bottom there's a “request data” button, click that and you get a copy of everything.
It infuriates me that it's that simple to steal someone's data on the platform, all it requires is access to your account for a mere 30 seconds and all your personal data is in their hands.
0 -
Hotaru
Yeah, I should probably get around to doing that
I looked into it more, and the amount of control and access that tokens give you is ridiculous
0 -
Alpha I've never been a fan of tokens in general regardless of platform, 99% of everything uses it nowadays or at least allows you to use it. (As in it auto logs you in when you visit, that's what a token does, it's a verification system.)
Youtube / your mail / a lot of games, steam / epic games etc you name it they all have the option or use it by default to remember it's you every time you open them. I always thought to myself, is it really worth it to skip a couple seconds every time to login to your stuff manually every time? All it takes is 1 mistake and some random dude has access to anything he wants or made the malware steal because of the function.
I got extremely lucky because the person that stole my discord also stole my mail's session, so he was able to change my info and remove my phone number and add his own locking me out of my own mail, he had access to it he made a new discord account and moved my mail to it then added his own to my discord.
I managed to recover my mail after calling support and talking with them over phone for about 30 mins, I got extremely lucky. He had ofc deleted all the mails discord sends you for confirmation to change info etc, but I managed to recover them by talking with support some more a week or so after so I could use them as proof in my ticket too.
0 -
I think I got luckier than you because my hijacker didn't touch my email account at all, or any of my other accounts.
I'm in the process of submitting a ticket to cancel my nitro and for my payment methods to be removed
It's funny because Clyde responded to me almost instantly
0 -
Alpha Aye if it's an easy thing that even the bots can handle then it'll be quick, or even sometimes the bots will be there instantly for other things too. Sadly can't say the same for the actual trust and safety team though.
0