Users of the popular gaming chat site, Discord, have had their login information published online for anyone to see. The alleged hackers posted a message that stated, “This was no virus, worm or malware of any sort—it was simple old phishing site that utilized Discord’s own moronic API to hijack these accounts.” Along with that message, the hackers published the list that was split into two groups. One is supposed to be valid login credentials while the other is comprised of invalid logins. The invalid logins contain some clearly fake accounts as they use some strong expletives that are designed to provide the hackers with fake data. With some of the logins appearing genuine according to Motherboard, who took a random sample and attempted to login to Discord and were able to find valid Discord accounts. Discord has not provided a statement as of yet.
Analyst Notes
It is advised to never open attachments from anonymous senders and to be extremely cautious with any email from unknown senders. Users are recommended to never reply to an email that asks for login credentials and to have two-factor authentication enabled whenever possible.
