Discord Security Issue

As you might already know there are a lot of hackers around discord right now, and I myself got hacked as well. Some hackers might ask you to play their game while others tell you about new promotions with steam. Both methods are used a lot to steal people's accounts and many other methods are used what most people don't even know how they did it.

To prevent this from happening to more people we need Discord's support. This may be through tickets but also other tools to make it more difficult for hackers to steal accounts. Here are a couple of suggestions from me as a web developer that could make it more difficult for hackers to steal users' accounts. And please Discord they are simple things you could easily add.

Add email verification! Why do you connect an email on discord if you only use it to log in? DO SOMETHING with it! When you try to change your email for example, or password or phone, add an extra security method where you have to verify with an email code before you can save your changes. This makes it much more difficult to change emails when you don't want it. Please do the same when you want to change your password. This feature would be so simple to make and makes it much harder to bot change user emails and PW.

Because some users might not be able to access their email anymore you will need to add some reminders in some way to users about this. Also, make users able to verify by phone number instead in case.

If you look at the current system to change a password or email I can see why there are so many hackers. It is just so easy to do. All you need is an account token and you can change everything with no problem. You can bypass the 2fa with no problem. So another suggestion would be an IP whitelist. If you have a verified email and you log in from a different IP you need to verify access. This would be useful for when you log in, but if you have an account token you don't need to log in. The token is full access so you just bypassed the IP whitelist. So maybe add this for API requests as well, or just when you change PW / email.

As you might know, discord has partnered with a security company. But this doesn't stop hackers. If you can hack you know how to bypass virus scanners. So discord this won't be enough! Make discord safe!

Thanks for reading. Feel free to add your own suggestions below and share this post with other people to make discord more secure! Share #makediscordsafe to make discord safe and a better place for everyone, and a worse place for hackers.

टिप्पणियां

7 टिप्पणियां

Balzarine Mythus

03 सितम्बर 2021 05:02

While I do agree there's a lot that could be done to increase security of discord accounts. I'm not certain there's much incentive for discord to do so. Primarily because unlike say, a Steam account. Discord accounts for the most part have no monetary value and to get "hacked" on discord pretty much requires you to fall victim to fishing links or token snag schemes.

Tech

03 सितम्बर 2021 16:03

People are not that smart on this world and will fall for these token gappers. Still I think it is discord job to make it harder for hackers to hack accounts. If you just need 1 single token to hack someone it is pretty easy to do so. It is harder to hack someone with a username and password then it is with a token.

A lot of other platforms do use the email verification system so I think it is good idea for discord to use it as well.

gcolledge202

03 सितम्बर 2021 19:42

I totally agree! Discord is becoming more unsafe and due to Discord advertising their platform more it leads to hackers finding infomation about you. This wont get better so discord needs to do something fast otherwise alot more issues will happen. Discord Do something about it.