Someone writes to me:
If you received an email from discord.com saying your account is disabled for a ToS violation, but the account is still functional, DO NOT CLICK LINKS IN THE EMAIL, EVEN THOUGH THE EMAIL IS CONSIDERED VALID BY YOUR EMAIL CLIENT.
The sample email shown is a phishing attack. Any/all of the links in this will redirect to a session token stealer, instantly compromising your Discord account.
Somehow Discord's email service has been compromised, allowing the attacker to send authentic emails from discord.com. The links in this email redirect to a separate, compromised page on a subdomain on discord.com. This allows JavaScript on the compromised page to obtain your Discord session token from browser localstorage and send it elsewhere. This applies even if you normally use Discord Desktop; Discord Web is used for server invite links to work outside of Desktop.
Yes, this means that official Discord emails cannot be trusted right now. If you receive an email from discord.com, always contact support instead of clicking links in the email.
In summary:
- email service has been compromised
- compromised page on a subdomain on discord.com
- obtain your Discord session token from browser localstorage
That would be, to put it cautiously, a total loss, and Discord will have quite some trouble getting their systems back. It is not worth changing passwords yet; first they have to get through their disinfection.
But for heaven's sake, do not click on anything that has Discord written on it.
EDIT: So far there is only one source, it is unclear how real this is, and Discord has not commented yet.
Still, a little caution is not wrong. The advice to click nothing and ask support makes sense.