Over 150 million people use Discord, according to a Quartz report from July (unfortunately, the report’s paywalled). Imagine tapping into those 150 million people, stealing their data and using it for malicious purposes.
Just today, VTuber Kitsui Akira had her Discord account stolen without her noticing. Even though she doesn’t click on anything malicious, her account was still stolen.
In a matter of minutes, you can get logged out of Discord and then have your account stolen. This IS dangerous.
Just how do we secure our Discord accounts?
According to Discord’s Safety page, there are Four Steps to a Super Safe Account:
- Secure your account by choosing a secure password and enabling two-factor authentication (I’ll add some extra tips to this at the end of this post).
- Set your privacy & safety settings so that Discord can automatically scan and delete every direct message you receive that contains explicit media content.
- Follow safe account practices: don’t click on suspicious links without knowing they’re safe, report any accounts that claim to be Discord staff to its Trust & Safety Team, and never give out account information that can identify you and your account, since doing so makes you much more prone to socially engineered theft.
- Block other users when needed, especially at the first sight of their phishing DMs.
Nuclear Option: Just don’t let anyone send you anything
As an added bonus for fellow paranoids like me, I am adjusting my privacy settings so that I won’t receive any message from any server ever. I’ve received unsolicited DMs from bots I don’t know, with malicious links in them, which leads me to choose the nuclear option.
I’m also setting my Discord account’s privacy settings to only allow me to add friends. By this, I mean your friends can’t send you friend requests. This will make you more accountable for the Discord friends you add to your list.
Scroll through these privacy settings on your Discord, and if you want to go one step further, just disable all options there.
I suggest keeping these settings for now, especially in these times when rampant, coordinated, socially engineered phishing crimes committed by computer crackers are the talk of the town.
Discord can’t do this on their own: It takes two to tango, and as users we are accountable to do our reps ourselves.
Now, if you’re that paranoid and these options don’t work, tell your trusted friends that you will no longer use Discord. I kid you not, you’ll probably need another messaging app, as Discord is meant to be IRC on steroids (as described by a Redditor).