My account got hacked and sent DMs about testing a game

saifo

• January 23, 2022 20:06
• Edited

My friend sent me a game on discord, downloading it and installing it signed me out and gave my account to a hacker who dmed my friend list with the same message. Turns out my friend was hacked himself. I changed the passwords on all my important accounts. After deleting it I ran both Malwarebytes and windows security and they found nothing. The file was an exe file node.js javascript run time.

There were several unsuccessful sign in attempts made on my email, except something really odd happened. After I contacted Discord, the hacker replied to them somehow, and said that "I recovered the account, my friend is joking, close the case and mark it solved."
I certainly did not send this reply, and I cant find it in my sent folder either. The discord account has since been disabled and I contacted Discord again, but I'm still worried about my safety and security. Anyone know what I should do in the mean time?

I dont mind losing my Discord that much, I just want all my other info to be safe.

2

• 

  Jennn

  • January 23, 2022 21:19

  I had the same situation and I'm not getting a single response back from Discord about my hacked account. 

  3
• 

  Rin ツ

  • January 24, 2022 08:30

  About the same thing happened to me, I had to open a second account ( this one ) As the person can respond to the tickets. They also managed to change my 2FA and my phone number on my account? ( Nice one discord, good job on allowing that to happen with out any sort of email conformation.) Along they are unable to change the email that is registered to the account, so even If I did do a password change request. I can't because my account has a different 2FA on it.  Discord has really screwed up with protecting peoples accounts with how easy it is to get their information and to just bypass 2FA and text messages. 10/10 would never recommend discord to anyone. 

  2
• 

  sarahsayer

  • January 24, 2022 11:31

  This happened to me too. They responded to the hacker saying everything was fine within an hour and have ghosted me since.

  The hacker was able to do that (did it to me too) because of this help site. If you have access to a discord account and come here you can access and reply to help tickets. It's a serious security issue they don't seem to care about.

  0
• 

  Skep

  • January 27, 2022 10:56

  dude the part where "my discord account got hacked" is happpinig to me rn and discord isnt sending me response to my reply.

  0
• 

  Lancebringer

  • April 02, 2024 15:15

  Necro thread revival. This just happened to me yesterday. Now I dont store passwords on my browser, nor do I use the same passwords for anything. I also have 2FA enabled on everything.
  I was able to setup 2FA prior to them changing my PW as I figured something was goofy. I even have the codes.
  Now, they changed the email, but it doesnt seem they changed my phone number tied to the account.
  The PW change request ofc goes to the new email, but they should have sent an email to my related email account, that this script kiddie doesnt have access to, I nuked their little script I fell for almost immediately, so I could just say “not me” and be done with it. Sending only a confirm to change  to the new email is the real problem here.
  
  The most humorous part was the autoemail they sent me ransoming my account back for $50, and threatening to sell my info, like my info wasnt sold in breaches before, hence everything but discord being 2fa prior to.
  As far as I can tell, they snipe your session token or keylog the email/pass. I should have changed my PW on my phone instead of my own pc, that was stupid of me. However, I marked their ransom email as Phishing, purged the pc, and changed ALL passwords and verified my 2fa was still intact. Theres no indications of them attempting email, most likely because all my passwords are different and I dont use a PW manager.
  
  Personally if I cant get my account back, I would prefer to have Discord delete the account so I can have my Username back, its trademarked anyway, so any use by another party is subject to those laws as well as the cybercrimes they committed by doing this.
  
  Long and short of it is, its annoying to deal with, but Ive dealt with it before. Stinks that I have to deal with this.
  
  My major question to these script kiddies is this.
  Why? Why bother with discord hacking? Its a Federal crime, in most cases a Felony.
  99.999% of the people you hack wont pay, and others like me laugh at the amusement, especially the “ill disable my hacks” like I didnt do that within 2 minutes of realizing what happened and pulling my pc off the net (cant hack what aint connected), nuking the entire PC, and changing all passwords, even if I have 2FA.

  0

Please sign in to leave a comment.