Discord Vulnerability Lets Hackers Bypass 2FA and Take Over Accounts

User accounts on Discord are at risk due to a newly discovered critical vulnerability in the messaging service. Initial rumors about this authentication flaw began circulating yesterday among gamers who use Discord’s voice chat for multiplayer gaming.

It’s worth noting that Discord’s large gaming audience is partly due to its built-in game store and specialized tools designed for players.

How the Vulnerability Works

The vulnerability affects Discord’s authentication process via QR codes—a method many gamers use to log into their accounts, especially on desktop devices.

Attackers can exploit the QR code scanning feature for malicious purposes. If the attack is successful, the hacker gains full control over the victim’s account.

Attack Method

To exploit this vulnerability, the attacker sends the user a special message containing a QR code. The message typically claims that the user can win a prize by scanning the attached QR code.

If the victim follows the hacker’s instructions and scans the code, the attacker gains complete access to the victim’s Discord account. Importantly, this method allows the attacker to bypass two-factor authentication (2FA).

Stay Safe

  • Be cautious of unsolicited messages containing QR codes, especially those promising rewards or prizes.
  • Never scan QR codes from unknown or untrusted sources.
  • Enable additional security measures on your Discord account and stay informed about the latest security updates.
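The first two precautions can also be enforced in software. The following is an added example, not code from the original article or from Discord: a triage check for a moderation bot or mail filter that inspects QR payloads already decoded from a message's images. It assumes that Discord login QR codes encode a URL of the form `https://discord.com/ra/<token>`, which the article does not state; the function names and sample inputs are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption (not stated in the article): a Discord login QR code encodes
# https://discord.com/ra/<token>.
LOGIN_HOST = "discord.com"
LOGIN_PATH = re.compile(r"^/ra/[A-Za-z0-9_-]+/?$")
# Lure wording the article describes: prizes and rewards.
LURE_WORDS = re.compile(r"\b(prize|reward|win|winner|gift|giveaway|free)\b", re.I)


def is_login_qr(payload: str) -> bool:
    """True if a decoded QR payload looks like a Discord login-approval URL."""
    text = payload.strip()
    if "://" not in text:              # scanners also accept scheme-less URLs
        text = "https://" + text
    try:
        parts = urlsplit(text)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:                 # malformed payload, e.g. broken IPv6 literal
        return False
    if host.startswith("www."):
        host = host[4:]
    # Exact host match: lookalike hosts and userinfo tricks must not pass.
    return (parts.scheme.lower() in ("http", "https")
            and host == LOGIN_HOST
            and bool(LOGIN_PATH.match(parts.path)))


def triage(message_text: str, qr_payloads: list[str], sender_is_known: bool) -> str:
    """Return 'block', 'warn' or 'allow' for a message carrying QR images."""
    if any(is_login_qr(p) for p in qr_payloads):
        # A login QR code belongs on the user's own login screen,
        # never in a message from someone else.
        return "block"
    has_lure = bool(LURE_WORDS.search(message_text))
    if qr_payloads and has_lure and not sender_is_known:
        return "warn"                  # unsolicited prize offer with a QR code
    return "allow"
```

Decoding the QR images into payload strings is left to whatever image library the bot already uses; the check itself only needs the decoded text.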
