Yep, the new hack got me.
I got a ping from a friend of mine who was actually a game developer in regards to the new 'game', and I agreed to try it out.
Sure enough, e-mail address was changed as well as the password, but I was somehow half logged in/half logged out so I was able to see the e-mail address they had used.
Opened two tickets, and so far nothing. So for right now I'm signing that e-mail address up for all sorts of spam/pr0n/etc., while constantly asking to change the password.
That is NOT my e-mail address, but that IS my masked phone #.
-
You aren't likely to receive any help.
I lost my account to the same hack 2 weeks ago. They, in order of events.
1. Asked me to verify it was my account and give them information regarding how it happened, who was involved, etc.
2. After being provided with that info, routed me over to their financial department who asked me to confirm I am the current email(Meaning the hacked one)'s owner so they can try to refund the fraudulent charges.
3. After asking me for that, I clarified the charges were already stopped and asked to have the opportunity to speak to a person.
4. They sent me an immediate follow-up saying my ticket was being escalated, after which it has been almost 2 weeks since I have received a response.
I have since opened an additional ticket, which didn't even get to the verification stage, it just never got responded to after the initial botmail response.
And their Twitter has also been pointedly ignoring anyone asking questions regarding missing accounts.
I think we're all entirely SoL because discord is making money off of these stolen accounts because the grifters usually buy a few hundred dollars worth of nitro. Or they're just trying to bury their heads in the sand because they're utterly incompetent and can't revert an email change or fix the hole in their 2fa that has an ownership exploit.2 -
I think we need to get a twitter hastag trending or something. #IgnoredByDiscord
2 -
I haven't been even been asked any verification questions yet.
But at the same time they hadn't made any Nitro purchases with the card I used because I reported it lost/stolen.
So all they can do is try to hack other folks on my friends list but most of them already know from my Twitter post. But yeah, the ability to bypass the 2FA is scary.2 -
Yep, lost my account as well about 7 days ago. Absolutely no response from discord and I've opened 3 tickets. They spent over 300$ CAD on my discord account through nitro gifts etc, my bank has refunded the charges temporarily but I still need to pay them back and I need discord to refund them.
1 -
Woah woah woah!
Bypassing 2FA?
WTF?
What is this hack, how do we protect ourselves then?
It seems like there is a new vulnerability every week or something with Discord.1 -
It's a Javascript hack, I know that much. This is what happened when it failed, but when it worked it changed my e-mail & password almost instantly.1 -
Apparently Discord does no client integrity checking on startup and a chunk of the client files are Javascript.
This is a HUGE hole.1 -
same here - was asked to test new game out by a friend i had added on discord. I feel like a R***** thinking it was legit. Its been 5 days - I got a response 2 days ago they were escalating issue.
1 -
I've started up the #IgnoredByDiscord tag if ya'll wanna start tweeting it out with your experiences and stories. I've emailed PC Gamer to see if they wanna run a noise article or something lol
1 -
You can prevent getting hacked by not using your token ANYWHERE. NOTHING IS SAFE. and don't click on ANY SUS LINKS!
0 -
Don't trust your friends either, and I recommend to everyone to REMOVE THE BILLING INFO OFF YOUR ACCOUNT!
0 -
Yeah, I canceled the credit card that was associated with the Nitro.
0 -
Hello all!
First of all this place is not for support but I can understand your pain but sadly you have to wait. Discord gets alot of requests everyday.(Replying to Athena was here)
Yo! Basically if someone gets your token which is like a key to your account if someone gets your token somehow, they have full access to your account even if they don't have your email, password or even 2fa. If you think that your token got leaked then follow these step ASAP
- Change your password.- Change your 2FA Backup code.
This will regenerate your token and the old one will become useless.
and yeah, This is for suggesting new feature, not to complain or for help.
0 -
The hack auto-changes your account e-mail address and password. When I went to change the password after it happened it said that no account existed with my e-mail address.
1 -
Although the fact that Discord's ignoring it while I keep getting pinged on other sites/media/etc. that my account is pinging them and trying to get them to fall for the same trick is a little frustrating.
1 -
Yep my main discord account, I got hacked on for the exact same reason, game link..
My friend got hacked after clicking the link from my hacked email, but just 3-4 days later told me discord retrieved their account and got it back to them.
I suggest keep pestering and going after discord in regards to this.
0 -
I still have my phone number on my account but when you try to revert your email/password using your phone number it says input the 6 digit code it sent you but instead of giving me a code IT LITTERALLY SENDS AN EMAIL TO THE HACKER, this makes absolutely no sense lol who designed this feature?
0 -
I noticed that too.
I made a new account and when I went to 'forget my password' with my phone and it sent it to my phone #, but on my old account it's 'a reset code has been sent to your e-mail'0 -
Also the individual has changed the account name to SeeMo Early#0001, but still has all my connections linked.
0 -
My account name was changed as well, they do that because when you email discord they ask you to provide the username and tag of the account that was compromised, they usually wait a day or so before changing it so when discord replies they will tell you the username is invalid, and then make you wait for discord to respond to ANOTHER ticket.
0 -
Lol just noticed you have the super rare booster thing, I had discord nitro and I'd been a paying customer of discord for quite some time. They should really make sure to give support to paying customers.
0 -
This is my account now:
the name used to be saf#0001 and when I made a discord support ticket thats when he changed the name, its almost like they KNEW when you made a support ticket
0 -
it sucks cause thats a pretty old account almost 5 years old (2017)
0 -
I think my screencap of my profile WITH the changed e-mail address but my actual phone # will help out. Along with my background banner, the fact that the connections and such all have 'Scope' in it, etc. And he didn't change it until today, when I had filed the Discord ticket about ten or fifteen minutes after it happened.
0 -
I never went through with it when I got to the payment screen, clicked off because I'm broke, and that's when the link spread and unfriended everyone. My email has not been changed, but am I still at risk of being hacked and stuff? I've never purchased Nitro myself, so there's no card details and such that is saved on my Discord.
0 -
As for my account it was Hachuurui#9913 but now its like $k#0008 I've taking pictures of the account changing but its been 2 weeks now. I've already filed a complaint with the BBB. This has hurt my business as I used them for communication. If this continues, I'm debating arbitration.
0 -
I've just gotten the automated Discord e-mails so far.
It's ridiculous. They have records of my original e-mail account being associated with that token, there are screencaps of before & after, etc. What else could they even need?0 -
I've given them them screencaps from 10 other people going "Hey, is this you/you're hacked/etc.", and even the payment successful e-mail from my Discord Nitro subscription that has the payment ID/date/source/e-mail/name/etc.
And then I get "I checked your account associated with xxxxx@xxxx.com and it appears that there is no transaction here. It is possible that you are contacting us using another account. "0 -
So for our issues to get resolved, it should take a month or 2 - just make sure you give all info you have and once they say they are escalating just wait. seems others say it take over a month. lets keep each other updated on these post.
0 -
They're not escalating mine. They just see the new e-mail address and go 'This isn't you.', and then resolves my ticket.
0
Please sign in to leave a comment.
Comments
32 comments