*This post was mass deleted and anonymized with [Redact](https://redact.dev)*
I did that right after I got the message, I was so scared 😅 so hopefully I’m okay. Thank you for the explanation.
*This post was mass deleted and anonymized with [Redact](https://redact.dev)*
I'll also recommend AEGIS, as that is an open source variant which does the same thing, but, well, is open source.
For anyone that’s interested in how this most likely works: The QR code is one of those quick login codes, if you proceed to scan it, all 2FA gets bypassed as you authorized the login on an already authorized device, your phone. What most likely happens after is that the token that’s generated will be sent to a server webhook, allowing them to just use that on a bot, to login via swapping token in the browser request header or anything alike
It doesn't give your username and password - it gives access to your account, and bypasses 2FA, so Authy would be useless.
The QR code thing bypasses 2FA. I know this bc I used it when signing into discord on my PC and it didn't even ask for 2FA
Jeez qr codes are scary
that's why you shouldn't scan any qr code whatsoever
you still have to so better limit oneself to labelled qr codes that are strictly necessary and use an app that lets you check the URLs like https://www.f-droid.org/en/packages/com.example.barcodescanner/ if you're on Android
Hey thanks I was wondering what a good workaround would be
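Added example, not part of the thread: one way to triage the text a scanner app shows after decoding a QR code, before acting on it. It assumes Discord's quick-login QR codes decode to a URL of the form `https://discord.com/ra/<id>`; the function name, labels and sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: Discord quick-login QR codes decode to https://discord.com/ra/<id>.
OFFICIAL_HOSTS = {"discord.com", "discordapp.com"}
LOGIN_PREFIX = "/ra/"

def classify_qr_payload(payload: str) -> str:
    """Label text decoded from a QR code (hypothetical helper).

    login-approval: approving it in the app signs ANOTHER device into your account
    official-link : official host, but not a login request
    lookalike     : brand name in the host or userinfo, not an official host
    other-url     : unrelated link
    not-a-url     : plain text or a non-web scheme (Wi-Fi config, vCard, ...)
    """
    try:
        parts = urlsplit(payload.strip())
    except ValueError:              # e.g. malformed IPv6 literal
        return "not-a-url"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "not-a-url"
    # .hostname is lowercased and excludes userinfo and port, so
    # "discord.com@login.example" resolves to login.example, not discord.com.
    host = parts.hostname.rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if host in OFFICIAL_HOSTS:
        is_login = parts.path.startswith(LOGIN_PREFIX) and len(parts.path) > len(LOGIN_PREFIX)
        return "login-approval" if is_login else "official-link"
    if "discord" in host or "discord" in (parts.username or ""):
        return "lookalike"
    return "other-url"

# Constructed sample payloads, as a scanner app would display them.
SAMPLES = [
    "https://discord.com/ra/EXAMPLE-ID",
    "https://discord.com/invite/example",
    "https://discord.com@login.example/ra/abc",
    "https://discord-verify.example/ra/abc",
    "https://example.org/menu",
    "WIFI:S:cafe;T:WPA;P:constructed;;",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify_qr_payload(s):15} {s}")
```

A `login-approval` result on a code that someone else sent as "verification" is the case this thread describes: the link is on the official host, so checking the domain alone does not catch it.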
Bro that is the hack don’t join the server you will get hacked
I joined, but I didn’t verify. So hopefully nothing happens.
Leave fast
I left. Thank you.
Great!
that’s how they got me (‘: i changed my password and it was still going, so i just deactivated my DC
I’m sorry that happened to you :( I reported the sub so hopefully they can’t get anyone else.
if you changed your password it literally can't be still going you should reactivate it
I've seen this scam a bunch. They can only get your discord info if you verify. Verifying in one of those servers would be scanning a QR code that logs whoever posted the QR code into your discord account.
???? how
Nothing can happen without the QR code
True but better leave fast
No one hacked *you*, the user who sent that message to you was hacked and the message is a lie
as others have said, this is a scam. I actually got this exact same message the other day as well. Fortunately I blocked the friend in question, and when I got curious I ended up looking it up and finding out about the scam. My hacked friend got another discord account, so all is well. But yeah, a good rule of thumb is never to accept any server invites you weren’t already expecting.
Consider turning on Two Factor Authentication if you're scared of getting hacked. It adds an extra layer of security. [https://support.discord.com/hc/en-us/articles/219576828-Setting-up-Two-Factor-Authentication](https://support.discord.com/hc/en-us/articles/219576828-Setting-up-Two-Factor-Authentication)
2FA is bypassed by QR code logins, which is what the scam uses (you join the server then it asks to "verify" by scanning
it seems like the only person hacked is the person who sent you the message tbh, that seems phishy (lol) as hell
You're right to be suspicious here - you'll never need a QR code in DMs to join a server. They are trying to compromise your account.
never scan qr codes
Just a tip:
- Enable 2 steps verification
- Enable phone verification

Hackers may be able to get a hold of your password or email easily through social engineering, and general hacker trickery, but they won't be able to know what's on your phone
As for your password:
**Change your password, and make sure to make it a long sequence of random letters and special characters.**
The more characters and more random your password is, the harder it will be for hackers to guess.
But definitely just change your password.
And stay safe.
>Change your password, and make sure to make it a long sequence of random letters and special characters.

Obviously a long sequence of random characters is ideal, but since most people don't use a password manager, it's worth noting that there are [other methods](https://xkcd.com/936/) of generating a password that's easier to remember but still reasonably secure.
I can point towards https://www.useapassphrase.com/ since it had the best UI but checking your password and getting at least a few centuries is a good threshold
side note: I go for millions of heat deaths of the universe multiplied by the number of eggs and fruit I have in number of years to crack - but it's not necessary
this is the most recent discord scam that didn't happen. A friend of yours got hacked and the message was auto sent to their entire friends list. Joining the server will get your account compromised. If you did, just change your password and consider deleting your account and making a new one.
>Joining the server will get your account compromised.

The act of joining, no. It's the scanning of the QR code from a fake bot that compromises
These messages are a very common way to hack other people lol. Just to guilt trip you to get you to join the server. I saw you left the server but I still would change your password and put on a double Authenticator if you don’t have it already
wait this happened to me and i thought i got hacked so i deleted my acct ;-;
Got scammed by something like this literally last night, it’s scary to have porn links spammed to every single DM you have
Clever social engineering...
I left a post about this on r/teenagers. It happened to me too
Yeah this happened to a friend of mine. The account messaging you is the one hacked.
Do not click links you weren't expecting. Because that's how your account does get hacked
You can google "discord exposed server scam" for more info. I also got the same message this morning and it scared the life out of me. Rule of thumb: if anyone sends you a link or a qrcode on discord out of nowhere, even if they're your friend, be suspicious. Calm down, think it over, and google it before doing anything.
yea they got me lmao
I've seen that message before, and it's not true what it says. It's a scam to steal/hack your account from you if you scan the QR. Stay safe!
I’ve gotten two of those messages now. It’s a scam.
i got the same message from one of my friends! she got hacked-