I have been trying to make people aware of it and I have been tracking and trying to do OSINT on these people for 12 hours straight.
A group called R0Y4LTY published a dump of 2,522 valid @discordapp credentials on discordgg[.]ga. They even took the time to explain how they stole this data... #Discord: Please do the needful in order to protect your userspic.twitter.com/8Qr0cC2eOX
-
-
-
This data has also affected people. 49 - Servers Nuked 475 - Members Banned 3668 - Channels Deleted.
-
Interesting. What are theirs motivations?
-
The group R0Y4LTY, started a phishing campaign and people fell for it. They used CSRF on the API Login. Discord blocked the API for the phishing server but they used another server. Their motive was to prove a point that Discord and it's users are morons.
-
As for the server deletion and the users affected, it was another group that scraped off the tokens off of the dump. They used the tokens to abuse administrative permissions to delete servers, channels, and ban members. Me,
@TheCyberViking and@AlanTheBlank were tracking this. End of conversation
New conversation -
-
-
I mean he is right, who falls for that kind of phishing in 2019? You really need to be kinda stupid
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
- Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
- Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
How would csrf protection on login have prevented this? Discord really *should* have protection, but that seems unrelated to the described scenario, which they seem to have handled correctly.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
- Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
- Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.