Discord Hacked!

EDIT: tl;dr - new temporary Puppygames Discord here.

Unfortunately we fell for a crafty ruse last night, the end result of which was completely losing control of our Discord servers (both private and public ones), and the total loss of my Discord account. (I say "we", but really, "I" fell for it).

Unfortunately this means the hacker is now masquerading as me on Discord, and Discord support are 100% useless at dealing with this sort of thing. For starters it was supposed to be protected by 2FA, which totally failed. Ditto Epic Games Store, which is also protected by 2FA, but fell instantly to the hacker, and Epic aren't sorting anything out with any degree of urgency, either. Steam seems to have survived.

What's The Hack?

The hacker slides into your DMs and appears to be someone you either know or think you know. In the case of Puppygames, that's now going to look awfully like me trying to talk to you. It isn't me! It's the hacker. I no longer have a Discord account.

After a bit of convincing chit chat they will then try to get you to test something for them. In my particular case it led to a legit-looking itch.io page with a game on it.

The game is of course not a game, it's a Trojan that installs a rootkit and keylogger and instantly hijacks any running Discord session, along with Steam, and Epic, and probably others. If I'm really unlucky it's stolen my browser password cache too, so I've been up all night changing passwords for everything of significance.

The fact that Discord and Epic both allow changes to the 2FA settings without going through 2FA is pretty shocking, but not entirely unexpected, as most systems analysts are in fact entirely incompetent at security.

Anyway ... I think that might be the end of the road for using Discord, and we'll probably revert to using Patreon, Steam forums, or our own server once more. Watch this space. And Twitter.