

This information can be used against you to access even more personal information, steal assets, and even lead to identity theft, and attackers attempt to accomplish these things in many different ways. The Discord QR code login exploit is an example of social engineering, the use of deception to manipulate others into sharing sensitive personal information. So, if someone ever messages you with a QR code, DO NOT SCAN IT! Remember that many targeted cyberattacks, big and small, are often set in motion by one’s conscious decision to take a certain action.

Before you click or scan ANYTHING, consider if you’re about to be a victim of social engineering. I highly recommend reading this article and this article, as they provide valuable insight into the issue & how it can affect you (check out this Twitter thread as well, which includes a video example of what happens).

In doing so, the user inadvertently gives the attacker access to their own account.

Because users are able to sign into their accounts via a QR code to bypass the two-factor authentication (2FA) login process, this is a serious threat to online safety.

Although the Discord system asks you to confirm your login when scanning a QR code, all it takes is mistakenly confirming or overlooking the notice in order to unknowingly grant unauthorized access.

The security breach was the result of a “Discord QR code login scam”, in which the attacker attempts to convince a user to scan a QR code given to them. As of now, the compromised account has been recovered and secured.

Any confidential DMs and other communications accessible via the breached account have also likely been compromised, and it is anticipated that the perpetrators plan to spread their contents. It is also worth noting that this is not believed to be an attack on the Club Penguin Army community as a whole.

Especially because a member of Higher Command was targeted, the effects of this extend beyond the Discord server itself. In addition, about 800 server members were pruned/kicked. The ACP Discord server itself has been secured, but sustained damage as a result of the security breach. As you may already know, today the Discord account of one of our Higher Command officers was compromised in a targeted attack with the intention of dismantling our community.
