Discord is a pretty notorious target for it's absolute dumpster fire of a security model.
Not sure if it's still the case, but not only does the application just wrap a web browser to a specific "internal" website, but it stores your authentication token in it. Clicking a malicious link (or a good link that has itself has its server silently hacked, or is serving a malicious ad) could log that token and they'll have the keys to the kingdom because there is literally nothing that signs it to your device.
You mean guessed your shitty password.
Discord is a pretty notorious target for it's absolute dumpster fire of a security model.
Not sure if it's still the case, but not only does the application just wrap a web browser to a specific "internal" website, but it stores your authentication token in it. Clicking a malicious link (or a good link that has itself has its server silently hacked, or is serving a malicious ad) could log that token and they'll have the keys to the kingdom because there is literally nothing that signs it to your device.