Phishing is also a distinct possibility. Lot of normies are too retarded to check what URLs they're actually following and most are too retarded to understand basic internet security.
I've had to take IT internet security training recently. Apparently, "Hello, I am the password inspector, please email me your password" is a big enough issue that actually works that they needed a half hour presentation on that alone. No hacks, no cracks, no phishing, just utter morons.
Discord is a pretty notorious target for it's absolute dumpster fire of a security model.
Not sure if it's still the case, but not only does the application just wrap a web browser to a specific "internal" website, but it stores your authentication token in it. Clicking a malicious link (or a good link that has itself has its server silently hacked, or is serving a malicious ad) could log that token and they'll have the keys to the kingdom because there is literally nothing that signs it to your device.
You mean guessed your shitty password.
Phishing is also a distinct possibility. Lot of normies are too retarded to check what URLs they're actually following and most are too retarded to understand basic internet security.
I've had to take IT internet security training recently. Apparently, "Hello, I am the password inspector, please email me your password" is a big enough issue that actually works that they needed a half hour presentation on that alone. No hacks, no cracks, no phishing, just utter morons.
Remember the old experiment where people would give the interviewer their password for whatever in exchange for a candy bar? Not much has changed.
Discord is a pretty notorious target for it's absolute dumpster fire of a security model.
Not sure if it's still the case, but not only does the application just wrap a web browser to a specific "internal" website, but it stores your authentication token in it. Clicking a malicious link (or a good link that has itself has its server silently hacked, or is serving a malicious ad) could log that token and they'll have the keys to the kingdom because there is literally nothing that signs it to your device.