2 factor Authentication with changing password, E-Mail or any other security setting.
Today I got hacked on Discord. I got a link from a friend who usually helps me, and I help him, making games. Today he sent me a link with a download file to ask me to help him out.
Apparently he was already hacked and the hacker tried it again on me. Because we had done this multiple times already, I had no suspicion of him. So I tried the download and nothing happened.
Once I tried to tell him, he blocked my account and removed me as a friend on Discord. Not long after, my Discord just logged off and I lost my account. Now, with a secondary account, I was looking into how easy it is to change your password.
Within the Discord app you can do this without any 2-factor authentication. This means if somebody is logged in to Discord and you know the current password, you can easily change it to something else.
Because you are logged in, you must have your password saved on your computer, so anyone with access to your computer could hack your account if he knows where to find the data.
This is why Discord needs 2-factor authentication on changing any of the security details, because a hacker will not be able to get to your account the way I just described.
-
100% my friend was just hacked as well. I don't understand this at all. Someone is able to literally take your whole account with just your password, with no email verification or anything! To change an account's email, remove SMS authentication, etc., it should 100% ask for some kind of code that gets emailed to your current email. I currently have 2FA enabled. I didn't really attempt it, but what it seems is that someone who has my password and got into my account could easily remove SMS authentication and my email, without 2FA needed, which I also find quite dumb. This system should be fixed / changed to secure users' accounts. There's a huge hack going around stealing Discord users' passwords when they download this file, and the hacker can easily just secure the account for themselves.
0 -
I should also be able to email Discord using the email that created the account to tell them to disable 2FA so that I can get my account back by changing the password. (I was hacked too.)