A group of hackers released a list of email addresses and passwords they claim phished from gaming chat platform users Discord earlier this week.
Although the list is tiny with only 2,500 logins, it still makes us alarmed that consumers of Discord need to stay vigilant about phishing.
“This was no virus, worm or malware of any kind— it was a straightforward ancient phishing site that used the moronic API of Discord to hijack these accounts,”
the hackers wrote in a message on their website.
Some of the supposedly valid approximately 2,500 logins appear genuine. Motherboard took from that portion of the dump a random selection of email addresses and attempted with them to generate fresh Discord accounts.
This was not possible in the vast majority of cases because the email address was already connected to a real and active Discord account.
Discord did not make a declaration to be published in time. Anyone may drop for a message of phishing. That’s why it’s best to be alert when someone sends you a connection to a site that asks you to log in and to make sure you have two-factor authentication enabled, so when logging in, you need to enter a code from your mobile.
This implies that even if a hacker succeeds in stealing your password, it will still be more difficult for them to actually enter your account.