Restrict users and bots from accessing the server's entire user list when using the bot API.



  • aziz

    This has to be fixed by Discord ASAP as it is a major security flaw IMHO. Anyone who joins should not be able to gain access to the entire members list or whatever Discord sends in the compressed response when the initial public channel is locked to unverified users.

  • omnicons

    Unfortunately not true. We're at the highest level of verification, and while the bots aren't able to send messages in the server, they're able to spam people in our server with NSFW content in DM.

  • Blue

    You can prevent users without a role from DMing people when they first enter a server by increasing the verification level of it in the server options. This won't fix the problem, but it'll give you a chance to help it.

  • pvtHenk

    Almost a full year later Discord still hasn't learnt how to protect their userbase from unwanted spam. If we turn on the highest level of verification, and they can just call the API to get the entire user list and spam them with DMs, then this is, like aziz pointed out, a major security flaw and MUST BE DEALT WITH.

    "Just tell members to close their DMs" is not good enough (referring to:

  • liam

    Users can change their own privacy settings.


