Making payments and seeing credit card information should require your password
In the case of token logging, one can accept losing their discord account. But if they have their credit card linked to the account, the attacker can easily see their info and steal it. What i propose, is that whenever you make a payment, you should be requested your account passsword (and 2fa code) before proceeding to the card list. That would make it so if the attacker token logs you, they cant see your card info or make payments.
5
-
This needs to be added.
This is a serious issue with Discord safety. If someone gets your token (very easy to do, surprisingly), they can just go to User Settings > Billing and click Edit on any payment method to get all of the user's information.
This can include their FULL NAME and EXACT ADDRESS. I also don't think it requires a password/2FA code to purchase gifts/Nitrob/boosts. This means the hacker can just buy themselves Nitro using the victim's money.
This is honestly just extremely dumb and no idea why it hasn't been fixed yet. It's a huge security flaw and makes me feel extremely unsafe, especially given the fact I see tons of accounts hacked every day.
0
Please sign in to leave a comment.
Comments
1 comment