Let’s talk about the recent Discord nightmare, shall we?
A couple weeks ago, the original The Company Discord community which had been thriving for nearly 5 years now, was burnt to the ground as a result of me getting my account compromised. This was thanks to the recent “Try my game” scam which I’ll get into more below.
Firstly, my account has always had a complex password and 2FA enabled, however that provided no protection in this instance, as others who have fallen victim to the hack can attest. Making matters worse, the person who approached me with the malware was a developer friend with whom I have been trading software tests and demos back and forth for years now. I had no reason to think this particular package would be any different.
My account was immediately hijacked and the server would be destroyed in front of me over the course of the next few days. Discord support was notified immediately, but it took a week for them to finally disable the account, at which point the damage was beyond repair. At this point, all I could do was cut my losses and rebuild the server with a new account. Of course I did this after running multiple clean virus and malware scans.
Then it all happened again.
My intention with this new account was to create a third account with less permissions than the ownership account, and use that one exclusively to engage with the server, using the ownership account only when necessary then logging out of it. Before I could even get that off the ground, my second Discord account was compromised. No links, no executables, just out of the blue.
I would learn through this experience that the malware actually makes changes to the software code of the Discord client, meaning any account logged into on that client would immediately become hijacked, and to make matters worse, no antivirus or malware software would ever detect that kind of change. I again contacted Discord support immediately, however this ticket is STILL wrapped up in their system.
I would encourage everyone to read about this malware here:
I spent last weekend reformatting my computer, opting to rebuild from scratch rather than restore from any backups. I have no doubt that the malware is gone completely from my system now.
The hijacked account took no actions on the server itself, so it was my hope that Discord support could resolve the incident and restore account ownership before anything catastrophic happened. Up until this morning, that was the case… Until it wasn’t.
The server was lost again.
A new Discord server has been built, and before the doors even opened Haseo and I have taken extensive measures to ensure security and stability moving forward.
First, the ownership account (The Company Admin) and the Discord server itself was created on an iPad just for that extra measure of paranoia. The owner account will only ever be logged into from a mobile device.
Second, my active account (Westane) as well as Haseo have been made account administrators, allowing us to keep each others’ action in check which being able to overthrow one another. If one of our accounts were ever to become compromised, the owner account can take immediate action.
This experience has been… not great… for both the development and PR team members, and even more so for the community itself. I understand that ours is not the only community that has fallen victim to this particular attack, go check out the discordapp subreddit sometime, but I’m still beyond sorry that I allowed it to happen to us regardless.
With that said, we will not go quietly into the night! The new (and final goddamnit!) Discord server is up and running and you can all find it here!