(WARNING)Compromised FFXI Discord Accounts

By Odin.Senaki 2023-01-14 14:23:14
Good morning everyone,

I was informed that some members within the FFXI Discord community have been getting their Discord accounts hacked by clicking a suspicious discord link from their friends.

If you get this discord link, do NOT go to it.

I do not know how far it has spread yet, but I wanted to warn people.

- Senaki



By Bahamut.Negan 2023-01-14 14:29:27
Check out Verifpro.net for the fix!

JUST A JOKE
By Asura.Bippin 2023-01-14 14:30:28
Why cover the name of the account people should ban?
By Odin.Senaki 2023-01-14 14:31:59
Asura.Bippin said: »
Why cover the name of the account people should ban?

Because they are good friends of mine and for their privacy. But from what I hear, this is infecting ffxiv as well so it won't be localized anyway to 1-2 accounts.

Also player warnings are against ffxiah rules.
By Asura.Eiryl 2023-01-14 14:33:46
Good rule to not use the name regardless. It won't be sent by the same person anyway.

Knowing who means nothing. Knowing what means everything.
By Bahamut.Negan 2023-01-14 14:33:59
Odin.Senaki said: »
this is infecting ffxiv as well
By RadialArcana 2023-01-14 15:54:53
I don't use discord but how can clicking an invite link lead to your account getting hacked? Unless it's a fake link and it's just a link to something else?
By Carbuncle.Waterdust 2023-01-14 16:05:29
ty for the warning about it, the general rule of this should actually be like opening emails. If you don't know the sender or you weren't expecting the content to begin with, just delete it.

Don't open suspicious emails and certainly don't open strange links regardless of it being in discord or not.
By Asura.Daleterrence 2023-01-14 17:25:42
There has to be extra steps here. Clicking an invite isn't enough to lose your account. Either they downloaded something after joining that server or there is a massive vulnerability in Discord.

This also isn't a specific issue to FFXI or any game. Trust nothing on Discord if it's not an official link (discord.com, discord.gg), or going to a trusted site. If someone, even someone you know is asking you to download something, be immediately skeptical. Trust nobody implicitly.
By Leviathan.Boposhopo 2023-01-14 18:50:33
Odin.Stayfresh said: »
Has anyone ever seen a discord invite with more than 8 characters? Any time I’ve created a link or been sent one, it has always been a combo of 8 letters/numbers.

First thing I noticed was that one has 10.

8 is for temporary links, 10 is for permanent links.
By Draylo 2023-01-15 02:16:07
My tin foil hat has activated... interesting.
By Asura.Melliny 2023-01-15 03:12:20
Quote:
There has to be extra steps here. Clicking an invite isn't enough to lose your account. Either they downloaded something after joining that server or there is a massive vulnerability in Discord.

I'd also like to know how clicking a discord invite link can get your account hacked. I thought client / server data was separated to the point that invite links shouldn't pose a threat. How does joining a server enable account hacking?
By Odin.Senaki 2023-01-15 03:42:29
All I know is, people who have gone to the discord in that link have reported getting their accounts hacked.

And the discord link is being spread by said hacked accounts.

Beyond that, I don’t have any information on the mechanism behind how the hacking works.

—-
One friend told me as soon as he clicked the link, the discord app on his phone went ‘weird’ and then he realized he had gotten hacked and reset his password.
By Afania 2023-01-15 03:48:27
Probably the good old QR code trick...

By mhomho 2023-01-15 08:12:41
Asura.Daleterrence said: »
there is a massive vulnerability in Discord.

Always has been.
By Lili 2023-01-15 12:18:30
The way these servers work is as such:
- you click on the invite and enter the server
- the server lands you on a welcome channel that says "to access all channels and all content you need to validate your account. to validate your account scan this QR code with the mobile app"
- every 30 to 60s, one of the admins sends a message in the welcome channel: "@everyone validate". after 30-60s, they delete the message and send it again.

rest is the same: soon as you validate the bot logs into your account, changes your password, and spams every channel of every server that you're in with the invite link, fishing for other people. Links in big public discords generally get you banned, but smaller, small-group-centered discords, the likes of which there's a million, are a big source of new hax since there's a stronger layer of implicit trust if you see your buddy say "guys check this out, I won't tell you what is it to not spoil the surprise".

So, the people who got hacked, well, they really wanted to see those underage anime boobs. Or they were really high. Or both.

No kinkshame, but eh.
By Asura.Daleterrence 2023-01-15 12:26:50
mhomho said: »
Asura.Daleterrence said: »
there is a massive vulnerability in Discord.

Always has been.

People don't count as a vulnerability in this respect.

Lili said: »
The way these servers work is as such:
- you click on the invite and enter the server
- the server lands you on a welcome channel that says "to access all channels and all content you need to validate your account. to validate your account scan this QR code with the mobile app"
- every 30 to 60s, one of the admins sends a message in the welcome channel: "@everyone validate". after 30-60s, they delete the message and send it again.

rest is the same: soon as you validate the bot logs into your account, changes your password, and spams every channel of every server that you're in with the invite link, fishing for other people. Links in big public discords generally get you banned, but smaller, small-group-centered discords, the likes of which there's a million, are a big source of new hax since there's a stronger layer of implicit trust if you see your buddy say "guys check this out, I won't tell you what is it to not spoil the surprise".

So, the people who got hacked, well, they really wanted to see those underage anime boobs. Or they were really high. Or both.

No kinkshame, but eh.

Okay I figured there had to be a step there which involved people doing something stupid, painful lesson to learn I guess.
By Asura.Melliny 2023-01-15 12:48:48
I've never been asked to authenticate myself via a QR code to any discord server I've joined, and I've been invited to quite a few over the years. Servers can require you to have certain roles to gain access to specific channels, which lets server admins set up a hierarchy for group leaders and group members, but they don't authenticate via QR. If I ever saw that extra step I'd be immediately suspicious. But this is the first time I've heard about this and I appreciate the information. Thanks for sharing.
By Odin.Senaki 2023-01-15 15:40:00
Asura.Melliny said: »
I've never been asked to authenticate myself via a QR code to any discord server I've joined, and I've been invited to quite a few over the years. Servers can require you to have certain roles to gain access to specific channels, which lets server admins set up a hierarchy for group leaders and group members, but they don't authenticate via QR. If I ever saw that extra step I'd be immediately suspicious. But this is the first time I've heard about this and I appreciate the information. Thanks for sharing.

I joined one for school once that asked me to enter my school email into a bot for ‘verification’. Fortunately, I think this WAS just for verification.
Lol
By Odin.Senaki 2023-01-16 15:20:52
I have recently been told by 2 separate people that all they did was click on the discord invitation link to get hacked.

I do not know the mechanics behind how clicking a discord invite can get you hacked. But I do trust the sources.
By drakefs 2023-01-16 20:55:22
Odin.Senaki said: »
I have recently been told by 2 separate people that all they did was click on the discord invitation link to get hacked.

I highly doubt this. If there was a way to "hack" discord account just by clicking an actual join link it would be more widespread. More likely they are clicking on links made to look like a join link or clicking on something else after joining a server.
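
Added example, not written by any poster in this thread: a Python check for the two points raised above, that only discord.com and discord.gg are named as official hosts and that a link can be "made to look like a join link". The function names, the similarity threshold and the sample links are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Only the two hosts the thread names as official; exact match, never suffix match.
OFFICIAL_HOSTS = {"discord.com", "discord.gg"}

def _resembles_discord(text: str) -> bool:
    """True if text contains or closely imitates the word 'discord'."""
    try:
        text = text.encode("ascii").decode("idna")   # decode punycode (xn--) labels
    except UnicodeError:
        pass                                         # already Unicode, or not valid IDNA
    text = text.lower().replace("0", "o").replace("1", "l")
    if "discord" in text:
        return True
    # Assumed threshold: catches one swapped or homoglyph letter in a 7-letter name.
    return SequenceMatcher(None, text, "discord").ratio() >= 0.8

def classify_link(url: str) -> str:
    """Classify a pasted link as 'official', 'lookalike' or 'other'."""
    url = url.strip()
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "https://" + url                       # chat messages often omit the scheme
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        userinfo = parts.username or ""
    except ValueError:
        return "other"                               # unparseable, so not an official link
    if parts.scheme in ("http", "https") and host in OFFICIAL_HOSTS:
        return "official"
    # The browser connects to `host`; text before '@' is only decoration.
    candidates = host.split(".") + [userinfo]
    if any(_resembles_discord(c) for c in candidates if c):
        return "lookalike"
    return "other"

# Constructed sample links (reserved example domains, made-up invite codes).
SAMPLES = [
    "https://discord.gg/abcd1234",
    "https://discord.gg.example.net/abcd1234",   # official name used as a subdomain
    "https://discord.gg@example.net/abcd1234",   # official name placed before '@'
    "https://dlscord.example/invite/abcd1234",   # one letter swapped
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):9}  {link}")
```

An "official" result only says the link really points at one of those two hosts; it says nothing about what the server behind the invite asks you to do after joining.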
By Odin.Senaki 2023-01-17 06:23:00
drakefs said: »
Odin.Senaki said: »
I have recently been told by 2 separate people that all they did was click on the discord invitation link to get hacked.

I highly doubt this. If there was a way to "hack" discord account just by clicking an actual join link it would be more widespread. More likely they are clicking on links made to look like a join link or clicking on something else after joining a server.

Idk, you might be right.
By Carbuncle.Waterdust 2023-01-17 08:09:32
Ya know what.. everything = sus

Run with that and a yellow light =)
By Odin.Senaki 2023-01-17 12:46:39
Carbuncle.Waterdust said: »
Ya know what.. everything = sus

Run with that and a yellow light =)

What if you drop the light?