Discord managed to create a working YouTube view bot in 2024 by playing their loot box announcement trailer on loop in the background of the in-app toast 🙃
This is false information. The scam works like this: The image doesn't load, so you open it in your browser and get prompted to log in on a fake login page, you enter your account credentials and then the scammer gets your account.
Discord is not vulnerable, YOU are.
⚠️New Discord Hack Technique⚠️
If you received a DM with a picture not loading;
DO NOT OPEN IT !
It will steal your Discord session Token and let the hacker change your password and use your account freely
The A2F does not protect against !
Report suspect activity to admins
@ArtBackslash
No, they are just embedding a normal iframe, but from my own research embedded video views do actually count to the view count. Would figure that YouTube will dedupe the view count later though
PSA:
@streamlabs
has a security vulnerability which lets people take over your linked YouTube/Twitch channel. Immediately unlink your YouTube/Twitch channel to avoid being affected.
tfw a shitpost you made to post in a memes channel on discord now gets spread as "datamined" information. this is blatant misinformation. it's not real. it's fake. don't claim it's "datamined" when you don't even provide a source.
@Arae__1
It's not an official server run by Discord, they just happen to be in that server and the server staff gave them an employee role which just happens to still have the old logo as the role icon
@RealBlackout03
@stovepip3
You are correct. Just checked myself. However, the views are coming from idle clients that are likely not going to update the app any time soon so this will go on until the April Fools joke self-destructs in their client at 12am Californian time
@t3dotgg
@honeypotio
Seems pretty reasonable for them to do. You added roughly 18 minutes of chit chat to a documentary that's 78 minutes long. You added ~13% of your own content to it. This isn't very transformative and doesn't count as fair use. If they want you to take it down, that's fair game.
@streamlabs
To further elaborate on this, there have been several streamers who have been taken over by a certain "Kotik Detektiv" or better known by their old alias Garkolym. All affected streamers had the same thing in common: they used StreamLabs for donations.
@Lylons
@discord
Super bad for accessibility. Super hard to navigate and probably just annoys people with screen readers that have to listen to "ghost emoji general" instead of a plain old "general".
Below you can see a video of them doing their little "hack" on the YouTube channel "TimeDeo". All the information displayed in their little dashboard does match the information StreamLabs asks for when linking your account to their dashboard.
@bliaml
@33YYYYYYY
Your friend has no idea what they're talking about. In Discord's case their process is completely automated as is the case for any larger platform
@jimmylongnoseYT
Discord API, an unofficial server that was started before there was an official server to discuss Discord bot development stuff and all that.
@pauIsack
@The_Cheese404
@SteeveTM
@ranger_houston
@OrdinaryGamers
It's perfectly reasonable to assume you both met in high school and then you simply graduated because you're two grades higher than her.
Besides you don't have to go to school until you're 18 in Germany, you can already start working at 16
UPDATE:
@streamlabs
has silently fixed the security vulnerability in the last 2 days whilst publicly claiming it never existed. The exploit worked by grabbing your YouTube/Twitch account oauth2 access tokens that Streamlabs just openly shared on the alert box page you add in OBS.
PSA:
@streamlabs
has a security vulnerability which lets people take over your linked YouTube/Twitch channel. Immediately unlink your YouTube/Twitch channel to avoid being affected.
I love how the second entry when you search for "MEE6" in
@discord
's application directory, is a bypass for a premium feature in MEE6. Serves them right.
If you want to know about actually datamined information, feel free to follow
@DiscordPreviews
where I post about actually datamined stuff as soon as it's been added to Discord's app/client.
@ZjaranyDzem
@panley01
One of the NPM packages used in the bot contains the malware and gets automatically executed on your device as soon as you install the bot's dependencies (through a post install script). Still a user fault technically, but it's not something you will immediately think about
@RiekeOben
@jreichelt
@Maurice_Conrad
@welt
Das ist jetzt auch nicht zu verwunderlich, da man dort nur abstimmen kann, wenn man den Artikel auch lesen kann. Dafür braucht man aber ein WELTplus-Abonnement, was sich natürlich nur Menschen kaufen, die die gleiche Meinung, wie die WELT teilen.
@PolarStar64
@kurobutt
Would you care to showcase some of those "MANY" vulnerabilities? I'm pretty well informed when it comes to all things Discord and I haven't heard of any vulnerability that hasn't been addressed yet. Regarding Discord's support, here's what Discord's backend infra lead has to say:
@cook1e0
@Son_Of_Elendil
@t3rr4dice
Hello, I'm the CEO of Twitter and I would like to point out that it's by no means unreasonable to claim you are the CEO of a company.
If you need proof of me being the Twitter CEO I'll gladly delete your Twitter account. Cheers, the Twitter CEO.
@Lunascaped
@PolarStar64
@kurobutt
You seem to be misunderstanding how authentication works. There always has to be some kind of token to tell Discord that you're authorized to make a request. If this token doesn't bypass 2FA, you'd have to enter your 2FA code for every little action you do on the platform
@TheKasodus
@discordapp
Discord hates Roblox players because they were abusing Discord's API, maybe they detected Roblox on your PC and denied you from getting this free gift.
@t3dotgg
@honeypotio
I'm aware other content creators do reaction videos like these too but when the original content creator asks them to take it down, they do take it down, no questions asked. If they wanted to DMCA you for it, they could. You should be happy they wanted to resolve this privately.
I've reported a security vulnerability to
@teamguilded
which allows me to grab the IP of any user on the platform by merely sending a message. This was a month ago. I have yet to hear back from them. At least they didn't delete my account for reporting sec issues in the past 🙂
@eepyeriri
@BlueberrySpark2
@brintrevised
You should be offended. Opera GX posts utter garbage cringe, so to put their cringe on the same level as "gay shit" is very much offensive.
@jasoncitron
@YangCLiu
Ye ye, trying to cover up the fact that
@discord
is just a Guilded clone, I see! Discord is such a total rip-off, it's so blatent obvious (I'm being sarcastic for anyone that can't tell)
@Ludacy_22
@AsycLoL
I understand where you're coming from but I sincerely believe that Twitch is not the platform for this kind of content especially considering the majority of their users are minors that get suggested these streams. If they fix the age hating properly, then I wouldn't care. 1/2
@blackhawk2306
@DiscordPreviews
It's just another type of attachments. So if you don't want voice messages you will have to deny attachments as a whole.
@Eevee_Sophie
From what I've heard, this was just a bug introduced by an employee who added the "Try Nitro" section. They simply wrapped all the existing Nitro-only fields and didn't have the pronoun experiment enabled, so they didn't realize they were including the pronouns field in there.
@snowhazee
Statement? Entweder kennt sich dein Websiten Developer echt nicht damit aus, wie man eine Slideshow macht oder ihr mined Cryptocurriences.
#BUSTED
@Lunascaped
@PolarStar64
@kurobutt
to get a new token. However I can tell you that Discord is currently working on reworking the authentication system to a session approach which will allow you to see any suspicious logins to your account.
do not under any circumstances post this tweet on discord. you've been warned.
<:g1:759140257798160475><:g2:759140257986773081>
<:g3:759140257760280607><:g4:759140257986773000>
<:g5:759140257941160026><:g6:759140258100281344>
@LucidiesArt
@geomijulpod
@YoukneeKin
@radialasymmetry
It's not theirs, it's a shitpost I made a while back and posted in a memes channel and people started taking it seriously. Doesn't matter though, it's not real and most definitely not datamined information, it's misinformation.
@LiteMods
@discord
They're already dealing with servers that call for violence, which includes pro-Russian servers. It's not like you could do much to make them do more because they're already doing something about these servers
I've had respect for every decision Discord made till now, no matter the features they added, no matter how many people had an issue with it because ultimately there was a use for it in the end. However adding NFTs and crypto to a platform for primarily teenagers is not something
@ArueAri
@dankmemerbot
They did, they simply fucked up to correctly implement the `allowed_mentions` field which prevents unintended
@everyone
pings from happening. Also somewhat of a fuck up on Discord's part since they don't tell you that you implemented the field incorrectly.
why is everyone complaining about this? $35 per second makes $126,000 an hour. make that 40 hours a week and you get an annual pay of $241,920,000 without regards of holidays, unpaid vacation, sick days etc. i would be dying to get that
Green light to send this around has been given, and you'd better believe I'm gonna do just that.
Proof, straight from Adam himself, of Spindlehorse paying Hazbin animators $35 per second. That is fucking /slave wages./
This is abuse.
@potakuchan_n
I managed to accomplish a similar thing, but I'm playing on emulator for better performance so at first I thought it might have been an emulation error but nice to know it also happens on actual hardware
@BlackWolfWoof
@DiscordPreviews
@thebiggestcrazy
The attacker will have a harder time getting you out because you need to enter your 2FA code (or password if you don't have 2FA enabled). This will render token loggers useless unless they can figure out your 2FA codes or password as well.
@FateImperius
@DiscordPreviews
You can't see it at all right now without tricking your client into showing it. It's only somewhat done hence the missing banner and or small irregularities