The published list included around 2500 email addresses and passwords belonging to Discord users.
Hackers who published the list said that these credentials where phished from the users.
What is the matter?
Hackers have published a list of valid login credentials phished from users of the gaming chat platform Discord.
What does the list contain?
The published list included around 2500 email addresses and passwords belonging to Discord users. Hackers who published the list said that these credentials where phished from the users.
“This was no virus, worm or malware of any sort — it was simple old phishing site that utilized Discord’s own moronic API to hijack these accounts,” the hackers wrote in a message on their website, Motherboard reported.
Along with the message, the hackers posted a database containing phished credentials, split into multiple sections of those that are valid and invalid credentials.
Motherboard verified the validity of login credentials and randomly selected a few email addresses in order to create new Discord accounts. However, this was not possible because the email addresses were already linked to an existing active Discord account.
What should you do to stay protected?
- It is always best to never open any email or attachment received from anonymous senders.
- Researchers recommend to not reply to any email asking for login credentials.
- It is also recommended to use two-factor authentication while login.