The Discord Hacker DMed Me…

No Text To Speech

11 Oct 202514:06

Summary

TLDRThe script details a hacker's breach of Discord's systems, exposing sensitive user data, including government IDs and billing information. The hacker claims Discord’s security flaws allowed them to access and scrape millions of files, some involving minors. While the hacker demands a ransom, they threaten to release or sell the data if Discord does not comply. The video also emphasizes the potential dangers of this information falling into the hands of predators. It highlights Discord’s repeated failures in securing their platform and raises ethical questions about the hacker's role in this breach, suggesting a moral dilemma about responsibility for protecting minors online.

Takeaways

😀 Discord's security breach exposed sensitive user data, including government IDs, billing information, and other private details.
😀 The hacker claims to have accessed over 1.6 TB of data, with 578,000 users' billing info exposed, amounting to around $365 million worth of payments.
😀 The breach included government IDs, many of which belonged to minors, raising concerns about child safety on Discord.
😀 The hacker used Discord's internal Zenbar system to scrape private information, including user IDs and phone numbers, which were not properly secured.
😀 Discord failed to secure its Zenbar system, allowing the hacker to send 60 million requests over 58 hours without detection, highlighting a major flaw in the platform's security protocols.
😀 Discord's press release inaccurately downplayed the severity of the hack, stating that only a 'small number' of IDs were leaked, while the hacker claims it was far worse.
😀 The hacker initially demanded a $5 million ransom but reduced the amount to $3.5 million after Discord refused to negotiate.
😀 The hacker's motives are driven by financial gain, threatening to leak user data if Discord doesn't pay, which risks exposing minors' information to predators.
😀 Despite the hacker’s claims to care about exposing Discord’s flaws, they also acknowledge the risk of predators using the leaked data to target children.
😀 The hacker has already leaked a sample of the data and warns that if Discord doesn't comply, the full data will be released, including sensitive information about minors.
😀 Discord's decision not to pay the ransom is based on the risk of encouraging future breaches and the possibility that the hacker might still leak the data regardless.

Q & A

What was the main objective of the hacker who breached Discord?
-The hacker's main objective was to expose Discord's security vulnerabilities by stealing sensitive data, including government IDs, user billing info, and other private information from Discord's internal system.
How did the hacker prove their involvement in the Discord breach?
-The hacker proved their involvement by providing screenshots of internal Discord tickets, user information, billing history, and email logs that matched the user's records, demonstrating they had unauthorized access to Discord's system.
What was the extent of the data the hacker claimed to have accessed?
-The hacker claimed to have accessed over 1.66 terabytes of data, including ticket attachments, user data, and transcripts. They also provided a sample of the files, which contained government IDs, photos, and billing information.
How many users were reported to have had their government IDs exposed, according to Discord?
-According to Discord's public statement, around 70,000 users had their government IDs exposed. However, the hacker claimed that Discord was downplaying the incident, suggesting that a much larger portion of the data was compromised.
What additional sensitive data, besides government IDs, was exposed in the breach?
-In addition to government IDs, the hacker exposed billing information, including PayPal email addresses, the last four digits of credit cards, card expiration dates, and in some cases, phone numbers of users.
What does the Zenbar refer to in the context of Discord's internal system?
-The Zenbar is an internal tool used by Discord support agents. It contains sensitive information about users, such as their billing info, phone numbers, and other private details, which were compromised in the breach.
What were the hacker’s demands, and how did Discord respond?
-The hacker demanded $5 million in exchange for not leaking the stolen data. Discord rejected the demand, prompting the hacker to reduce the amount to $3.5 million. Eventually, the hacker claimed they were ghosted by Discord, leading them to threaten further leaks.
How did the hacker justify threatening to release the user data?
-The hacker justified the threat by claiming that if Discord didn't reach an agreement with them, they would release or sell the stolen data. The hacker emphasized that their ultimate goal was financial gain, with the threat of releasing hundreds of thousands of sensitive files to pressure Discord.
What concerns were raised about the security of minor users on Discord?
-The hacker pointed out that many of the exposed government IDs belonged to minors, as the minimum age requirement for Discord is 13. This raised concerns about potential exploitation by predators who could use the leaked information to target vulnerable children.
How did the hacker's actions potentially worsen the problem of Discord predators?
-The hacker's threat to release the exposed data increases the risk of predators targeting minors on Discord. With sensitive information like government IDs, photos, and phone numbers leaked, predators could use this data to manipulate or extort children, exacerbating an already existing issue on the platform.