Banned on discord on an account I didn't create!

hopium

• June 06, 2021 09:00
• Edited

Hello, today morning someone created an account on my main email. I instantly loggedi n and changed the password , and I also filed a support ticket. Later today, I find my email is barred from making accounts. Please discord, have a look into my support ticket and see the IP of logging in and how long I was logged in each account

 

 (14141271), (14123959)

I think is happening too others too :

https://www.reddit.com/r/discordapp/comments/nssujm/what_is_this_im_scared_for_my_life_right_now/?utm_medium=android_app&utm_source=share

https://www.reddit.com/r/discordapp/comments/nsub1m/is_anyone_getting_these_it_seems_to_be_a_fake/

https://www.reddit.com/r/discordapp/comments/nt5nyw/someone_signed_up_an_account_on_my_email_that_i/

 

https://www.reddit.com/r/discordapp/comments/nt64cu/has_anyone_gotten_an_email_confirmation_for_a/

https://www.reddit.com/r/discordapp/comments/nthfa6/someone_used_my_email_address_to_create_an/

https://www.reddit.com/r/discordapp/comments/ntenc5/some_one_made_an_account_with_my_email/

https://www.reddit.com/r/discordapp/comments/ntcgwg/is_someone_trying_to_phish_me/

 

so on

Please discord!

 

9

• 

  Citation

  • June 05, 2021 23:51

  Same thing happened to me in the last 24-hours. Saw the verification e-mail, submitted a ticket to delete the account, reset the password. However, I woke up today to find it was disabled for botting, etc. 
  
  In my e-mail to Discord support to remove the account I suggested having a 'Did not create this?' link in the verification e-mail to simply let us delete this when done maliciously as these clearly have been. 
  
  Better yet, don't let the account be used until the e-mail address is verified. 
  
  What's the point of a verification process if the account can be utilised without going through it? That just seems ripe for exploitation. 
  
  I use Discord with my gaming related e-mail address, but it's frustrating that my primary e-mail was used and now disabled for something that I tried to fix and that is ultimately a problem that could have been resolved had Discord had better systems in place originally.
  
  Don't. let. accounts. be. used. until. they. are. verified.

  3
• 

  WeeWoo

  • June 06, 2021 01:57

  same thing happened to me

  1
• 

  veijen

  • June 06, 2021 11:45
  • Edited

  Fortunately didn't happen to me, but this seems to be related to how Gmail works (i fortunately didn't register with a gmail account so this never happened to me)
  
  Basically, you can register multiple accounts in Discord by adding a . anywhere on the gmail, i.e: unstoppableandcrazypowergaming@gmail.com and unstoppableandcrazypower.gaming@gmail.com count as different emails in Discord, despite being the same email in Gmail.
  (don't click at email links, those are just examples)
  
  As far as i can see, this is the only plausible way i can think of for the rogue accounts to be able to register a new account using an email that's already tied with a pre-existing Discord account.
  
  If that's the case, this is a really dumb security oversight and needs to be fixed ASAP.

  0

Please sign in to leave a comment.