Slack January 31, 2022 Phishing attack Hijacks Discord user Accounts


Phishing attack Hijacks Discord user Accounts

This News article is over 30 days old. As a result, information supplied in it may be out of date.

Earlier today many Discord servers made the announcement that a phishing attack was being carried out in Discord DMs. Many users reported that they were messaged by members of Discord servers that they already know and trust. The DM asks the user if they would be willing to playtest a game. Soon, a link to the malware is sent to the user resembling a .rar file. Clicking the link then hijacks the user’s account.

Presumably this attack is similar to a previous piece of malware that was distributed through DMs several months ago. In essence the program reads a file in your computer’s directory that contains your Discord API Token. With that token, they are able to access your email and change your password. They may also access any stored payment information to purchase Discord Nitro or Server boosts. The now newly hijacked account can also now repeat the process of DMing others.

Reports say that a developer’s account was hijacked this way. It is not currently known how widespread this attack is as reports are still coming in.

We advise anyone using Discord to enable 2FA on their accounts with a phone number you own. We also advise you to be wary of links sent in even if you may know the person sending them.


A purveyor of the written word. My speciality is story-crafting but I dabble in other interests from time to time. Speaker of six tongues, master of only one.

Notify of
Inline Feedbacks
View all comments

You must be logged in to upload content to

Login | Register