Discord

Discord

[View Related Sub-entries]

Updated May 28, 2021 at 04:40PM EDT by Philipp.

Added Apr 12, 2017 at 10:22PM EDT by 3kole5.

PROTIP: Press 'i' to view the image gallery, 'v' to view the video gallery, or 'r' to view a random entry.


Link to KYM discord

About

Discord is a chat application which allows users to create and join own VoIP and text channels. While initially created for online video game enthusiasts as a replacement for existing chat services such as Teamspeak and Skype, the service has since been adopted by a wide variety of online communities.

History

On March 6th, 2015, the Discord[10] alpha build was released by Hammer & Chisel, who had moved toward developing the chat application through YouWeb's 9+ incubator after releasing the MOBA game Fates Forever.[3] The service be accessed using Microsoft Windows, macOS, Android, iOS and Linux clients, or through a web browser interface.

Online Presence

On May 15th, 2015, the /r/DiscordApp[2] subreddit was launched. On March 20th, the official Discord Facebook[4] page was created. Meanwhile, the @discordapp[1] Twitter feed was launched, garnering upwards of 265,000 followers over the next two years. As of writing, the company advertises a network of over 25 million members worldwide.

Highlights

Notable Public Discord Servers

Controversies

Alt-Right

On January 23rd, 2017, BuzzFeed[6] published an article claiming that Discord had "found favor" with the alt-right, citing the /pol/Nation server on the platform. The following day, BuzzFeed published another article claiming that "Trump supporters" were pretending to be French on Discord to manipulate the 2017 French Presidential Election. On February 6th, Gizmodo[9] published an article titled "How a Video Game Chat Client Became the Web's New Cesspool of Abuse," claiming that the app was being used by the alt-right for harassment campaigns.

Child Pornography Copypasta

In late March 2017, a copypasta began circulating claiming that "a group of people" were joining Discord channels and sending mass private messages containing child pornography. In a post about the rumor on /r/discordapp,[8] Discord staff member Cilantrelle claimed the company was looking into the matter, and provided instructions on what to do if illegal activity is seen in chatrooms.

Phishing Scam

In mid-July 2019, a website containing an SQL dump of 2,500 Discord emails and passwords was released on the website Discordgg.ga.[12] On the site, a message was displayed claiming the logins were obtained through "simple old phishing site that utilized Discord's own moronic API" (shown below).


Information (moral: prevent CSRF on login endpoint): Well, it looks like we made a right mockery out of Discord and its idiotic users... How stupid do you have to be to fall for an obvious phishing website in 2019? This was no virus, worm or malware of any sort it was simple old phishing site that utilized Discord's own moronic API to hijack these occounts. I hope this was a lesson for all of you folks.. How did it work, and how Discord should've responded: In simple terms, all requests were proxied to Discord's own site, and then obfuscated JS was injected into the response. This JS took over the login form, and submitted its own API call to the login endpoint (to bypass Discord's IP detection), and the response sent back to our was server (including the session token used for valid API calls) We then had an outomated bot change the email and password of these accounts using Discord's own well-documented API endpoint, which simply required the aforementioned session token. This API call then provided us with o new session token, which we could later use to send out the phishing link via DMs. Discord decided to block our server's IP address from accessing their site, which stopped us for a good 10 minutes before we realised and proxied these requests via another server. Instead, Discord should've prevented CSRF on the API login endpoint, which would've stopped us in our tracks. What did we collect: As you can guess. many people tried to submit fake logins, over 200.000 of them. These were quickly filtered through, due to these not being proxied, or invalid takens were being submitted. All in all, a modest 2,522 valid logins were collected and 949 of them were then hijacked, and here's the dump: SQL DUMP

On July 18th, 2019, Redditor Lavendor06 submitted a post to /r/OutOfTheLoop[13] asking "What's up with the whole 'Discord getting nuked' thing?", to which several users cited the phished accounts. Additionally, the post contained a screenshot of a phishing message (shown below).


Yo, friend gave me a referral link to get Discord nitro for free http://discordgg. ga/nitro/redeem/nA94n19am D9a4 worked on my alt, but you can only apply one per IP So try it out:) If you already have nitro it will give you the next month free Discord Discord-Free voice and text chat for gamers Step up your game with a modern voice & text chat app. Crystal clear voice, multiple server and channel support, mobile apps, and more. Get your free server now! DISCORD

The following day, Vice[11] published an article about the phishing attack titled "Hackers Publish List of Phished Discord Credentials."

Search Interest



External References

Recent Videos 15 total

Recent Images 163 total


Top Comments


+ Add a Comment

Comments (52)


Display Comments

Add a Comment


'lo! You must login or signup first!