Discord account hacked

Started by Kastchey, Sat 20/04/2024 08:40:56


Kastchey

Hey everyone,

My Discord account got hacked. Please don't reply to anything you receive from me, until further notice.

For safety, you might want to remove me from your friend list, too.

Thanks!

Dualnames

And apparently, I got hacked too because of it.
Worked on Strangeland, Primordia, Hob's Barrow, The Cat Lady, Mage's Initiation, Until I Have You, Downfall, Hunie Pop, and every game in the Wadjet Eye Games catalogue (porting)

Danvzare

Oh my, I hope you manage to get it sorted out soon.

Do you know how it might've happened?

eri0o

I am curious about it too, and also if using two-factor auth helps or not (I've seen apps that had session hacks that bypassed any login as long as the session token was valid)

edmundito

@Kastchey, it looks like you're back on Discord. Can you tell us how you got into this mess so we can prevent it?

@eri0o, it seems that 2FA does not help because the tokens are getting hijacked. Just don't trust friends who send you things. In any case, I did change my credentials and added 2FA.
The Tween Module now supports AGS 3.6.0!

Kastchey

I'm back on Discord, but with another account. The main one is still in the hands of the account thief, so stay on guard.

The thief got lucky by hitting the right moment with the right account from a familiar server (not AGS). I was expecting someone to send me something, and the file they sent didn't trigger any alarms (I did scan it with anti-malware and anti-virus, both reputable and up to date).

The fact that the threat may (and often will) come from a source you trust makes it a whole lot more dangerous.

Same happened with Duals I guess, we share links and files every now and then, so he could have easily thought it was legit.

2FA helps, but it's not a guarantee so don't rely on that. Same with anti-virus software. Sometimes it will detect a threat, sometimes malware will slip through defenses.

I guess the only way to protect yourself is to always triple check if you are really speaking with the person you know. Even if the person fits the profile and has sent you safe files or links before. Ask questions and if something feels off, confirm via another channel, like email or another social platform.

Don't rely on technology to protect you.

eri0o

Quote from: edmundito on Sat 20/04/2024 18:29:33
@eri0o, it seems that 2FA does not help because the tokens are getting hijacked. Just don't trust friends who send you things. In any case, I did change my credentials and added 2FA.

That's a good call. This reminds me, if anyone is wary of someone sending an AGS game, remember you can run other people's AGS games with a runtime, ScummVM or agsjs - I may need to update the website to the latest version but anyway it usually works.

Crimson Wizard

Quote from: eri0o on Sat 20/04/2024 20:58:22
That's a good call. This reminds me, if anyone is wary of someone sending an AGS game, remember you can run other people's AGS games with a runtime, ScummVM or agsjs - I may need to update the website to the latest version but anyway it usually works.

That is true, but always remember that danger may also come from plugins. You can never tell what a plugin does. It may have a standard plugin name, but be hacked to do something else.

OTOH there's a super dangerous ags_shell plugin, which should not exist at all, in my opinion, because it allows running almost any Windows command (at least the old one did, idk if there have been any safer rewrites).

For this reason, an AGS game should never be run with administrator rights.

Snarky

I was contacted by "Kastchey" when the account was hacked, but the whole interaction raised some red flags straight away:

Quote:
hii
> ...
how are u?
> ...
good
do u have a 5 min?

I don't know if the hackers can read the past message history, but that's not a very good Kastchey impression.

eri0o

Quote from: Crimson Wizard on Sat 20/04/2024 21:14:36
That is true, but always remember that danger may also come from plugins. You can never tell what a plugin does. It may have a standard plugin name, but be hacked to do something else.

OTOH there's a super dangerous ags_shell plugin, which should not exist at all, in my opinion, because it allows running almost any Windows command (at least the old one did, idk if there have been any safer rewrites).

For this reason, an AGS game should never be run with administrator rights.

ags_shell is terrible, I am sorry for having resurrected it, but this is why I made the safer agsappopenurl (or whatever I named it) that can only be used to open a website in the browser. But anyway, I also just remove plugins when running a game, as this usually works alright - or I run with my own builds of the plugins.

Crimson Wizard

This gave me an idea, maybe we should add a command line option for the engine to ignore plugin files and go straight to stubs.

E.g. "--no-plugins".

eri0o

Oh, yeah, that would be a nice one

Kastchey

Quote from: Snarky on Sat 20/04/2024 21:19:07
I was contacted by "Kastchey" when the account was hacked, but the whole interaction raised some red flags straight away:

Quote:
hii
> ...
how are u?
> ...
good
do u have a 5 min?

I don't know if the hackers can read the past message history, but that's not a very good Kastchey impression.

That is a very good point. If you know someone well enough to recognize their expression patterns, you're already well equipped to detect a red flag.
And if you don't know the person that well, you should probably not click or download anything they send you.

In practice, it may not be that easy because scammers may coincidentally speak in a fashion that's not very far off from the person they are pretending to be, or use some cunning social engineering tactics that just happen to strike the right chord. But it's a good question to ask yourself the moment you receive something from someone.

Snarky

Yeah, there's clearly a large component of random chance in whether an approach will seem plausible or not. It's like those "Hey, I lost my phone and now I'm stranded without money, please help!" scams. 99 times out of a hundred they'll be an obvious lie, but every now and then the real-world context will match up well with the story, and the target can be fooled.

And scammers have already started using ChatGPT and other AI tools (including voice cloning and even video facechanging) to mimic the person being impersonated, so we can't rely on recognizing the person we're communicating with in any case.

Dualnames

It is what it is. Things are slowly returning to normality; I have not received my account back, nor will I ever, it seems.

Danvzare

If the virus copies your session tokens, it might be a good idea to change the passwords of every account you're currently logged into.  (nod)

By the way, thanks for telling us what happened.
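The mechanism behind eri0o's question and Danvzare's advice, as an added example that is not part of the original thread and not Discord's implementation: a minimal bearer-session model in which login requires a password plus a TOTP code, but every later request is authorised by the session token alone. A stolen token therefore works without the password or the second factor, and it keeps working until the server revokes it; here a password change bumps a per-user session version, which is what makes "change the password of every account you were logged into" effective. All names, secrets and the fixed TOTP counter are constructed for the demo.

```python
"""Constructed demo of bearer-token hijack vs. 2FA, with revocation on password change."""
import hashlib
import hmac
import secrets


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226) step; a real TOTP derives `counter` from the clock."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Toy server: password + TOTP at login, opaque bearer token afterwards."""

    def __init__(self) -> None:
        self.users = {}     # name -> {salt, pw_hash, totp_secret, session_version}
        self.sessions = {}  # token -> {user, version}

    def register(self, name: str, password: str, totp_secret: bytes) -> None:
        salt = secrets.token_bytes(16)
        self.users[name] = {"salt": salt, "pw_hash": hash_password(password, salt),
                            "totp_secret": totp_secret, "session_version": 0}

    def login(self, name: str, password: str, code: str, counter: int):
        """Both factors are checked here, and only here. Returns a token or None."""
        u = self.users.get(name)
        if u is None:
            return None
        if not hmac.compare_digest(u["pw_hash"], hash_password(password, u["salt"])):
            return None
        if not hmac.compare_digest(code, totp(u["totp_secret"], counter)):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": name, "version": u["session_version"]}
        return token

    def authenticate(self, token: str):
        """Resolve a bearer token. No password or 2FA is involved at this point."""
        s = self.sessions.get(token)
        if s is None:
            return None
        if s["version"] != self.users[s["user"]]["session_version"]:
            return None  # issued before the last revocation
        return s["user"]

    def change_password(self, name: str, new_password: str) -> None:
        """Rotate the hash and bump the session version: every old token dies."""
        u = self.users[name]
        u["salt"] = secrets.token_bytes(16)
        u["pw_hash"] = hash_password(new_password, u["salt"])
        u["session_version"] += 1


def run_scenario() -> dict:
    server = AuthServer()
    totp_secret = b"constructed-demo-secret"  # constructed, not a real secret
    server.register("victim", "correct horse battery", totp_secret)
    counter = 1  # stands in for the current TOTP time step

    # Legitimate login with both factors.
    token = server.login("victim", "correct horse battery", totp(totp_secret, counter), counter)

    # An infostealer copies the token from the client; it needs neither factor to use it.
    stolen = token
    works_before = server.authenticate(stolen) == "victim"

    # Without the token the attacker is stopped by the password/2FA check.
    attacker_login = server.login("victim", "guess", "000000", counter)

    # Victim changes the password; the server revokes all previously issued tokens.
    server.change_password("victim", "new passphrase")
    works_after = server.authenticate(stolen) == "victim"

    return {"stolen_token_works_before": works_before,
            "attacker_login_without_factors": attacker_login,
            "stolen_token_works_after_password_change": works_after}


if __name__ == "__main__":
    print(run_scenario())
```

Adding 2FA after the fact, as edmundito did, hardens the login step but does nothing to a token that is already out; only revocation (password change, "log out everywhere", or token expiry) does. Whether a given service actually ties token validity to the password is up to that service, which is why the thread's advice to change passwords everywhere and rebuild the machine is the safe default.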

Kastchey

Quote from: Danvzare on Sun 21/04/2024 16:58:08
If the virus copies your session tokens, it might be a good idea to change the passwords of every account you're currently logged into.  (nod)

Already did. Formatted my entire PC, too.

Quote from: Danvzare on Sun 21/04/2024 16:58:08
By the way, thanks for telling us what happened.

Sure. It's embarrassing to openly admit to being scammed, but I wanted to alert everyone whom the thief might be reaching out to, as well as raise the general awareness. As a game making community, we are extra vulnerable because we do share files as part of our hobby. Or work, in case of some.

I'm still gutted that I didn't manage to get through to Dualnames before the "hacker" did. I hope everyone else is safe.
