Shortly after finalizing my upload, the Sea of Thieves channel was met with the same fate as the Beluga server. So if possible please share this with any staff member of a large Discord server! Second, I went dummy wild on the thumbnail so it might not be the best lookin but I like it regardless :P Wild and wacky is refreshing sometimes. Also I know everyone likes to say "Discord doesn't care about us", well insider knowledge from yours truly will say that surprisingly, Discord does care. They are just SLOW at doing stuff.
Hey man, awesome video! Thank you for taking the time to make more people aware of this kind of scam and help clear my name. Just a quick clarification at 8:10, the messages were faked before my account was compromised, not sent from my account after the hack.
This happened to me, and I literally tried warning staff members in servers about this. 2/16 servers I was in had smart enough staff to see that this was entirely a scam. The 14 others were 8 year old moderators that banned me on the spot. Thank you for making this video because now I can show these idiots they were wrong.
@@Soul.Resonant Honestly tho, I don't know your friend's circumstances, but my friend got sent an invite to a random discord server, joined it, and realized it was full of CP, he immediately left, but didn't report the server, so he got his account banned and was forced to make a new one.
@@Soul.Resonant That can actually happen. One time someone posted CP in a facebook group I was in. It was removed real quickly, but it was still there long enough that hundreds of people saw it.
I was there during the hacking of the Sea of Thieves discord, but the funny thing was is that most people were saying stuff like "Pirates be pirates" and "yarrr your discord server is ours" lol
Coming from a developer pov - discord could use better security measures. Sad that it is that easy. But also, people should be aware - that dev tools are sacred place for people with brains. We can do a lot just by opening that up and injecting code etc. You would think a huge company with billions of users would investigate into fixing their biggest vulnerability.
Even google themself one of the tech leader can't get their shit together. You would think their security measure is top notch, but account hijack by stealing session token is common. There should be a way to prevent these, prompt user to input their password if recent country/device change is suspicious for example. I think they already have similar mechanism in their gmail.
@@redbuIIracing33Crate true I mean they already have access to our geolocation I am quite sure - so why not just log the one used to sign up the account and match the other sessions.
@@ulize. If you login on discord from different IP or from the unregistered ones, discord will ask you to validate the IP using email but I don't think that goes the same for logging in through the Authorization token. I'm not much knowledgeable about the back-end stuff right now but i think they could literally set it up that even if someone uses token to login they should first verify the session and if the session is not verified under a given time then the token should be renewed though that would make the user logout of all the devices but at least their account would be safe. PS. I just read what discord does to stop unauthorized use of token, Discord does have some security measures to prevent unauthorized use of tokens. For example, if Discord detects suspicious activity on your account, such as joining multiple servers in a short period of time or using third party clients or modifications, it might ask you to verify your account using a phone number but there's a big "MIGHT" in it. And what i was saying earlier about verifying the login even if it's a token session would apparently defeat the purpose of tokens 💀 like it would be a little inefficient, though I'd rather have a little inefficiency then having the account security compromised but i can understand that average user wouldn't want that inconveniency as everyone wants to ease their ways to access stuff the companies do give them ease but with a big "MIGHT" compromisation.
I was once friends with rand. They were an admin in my friend’s server. They are actually very nice and i don’t believe for a second they would do anything like that.
Discord should really at least have some kind of warning pop up when you try to open the console saying something like "If you are not a developer and know exactly what you're doing, don't mess with this. If someone has told you to open this up for them, they are trying to compromise your account."
@@heckfok they cant prevent it from being opened, but still print out a warning message inside the console saying "if someone told you to go here you might get hacked"
@@brightblackhole2442 I'm pretty sure roblox does that actually when it comes to their tokens, so that'd be a solution for sure!! while it won't really prevent scams it'll still make ppl more aware
Hey, I saw in the thumbnail that the Sea Of Thieves server was related to the topic, as a regular there I thought I'd shed some light and put my word into the cesspool of the internet. Even if the SoT server wasn't directly covered much in the video, tl:dr the server got targeted by a group of people, just the same kinda thing probably got the token from a higher up just trying to help, and all of the channels were deleted, many members banned. (This wasn't actually the first time a server nuke has happened to us, the last time it happened it actually wiped almost 5 years of history from the server, deleting all the channels and chats. It was all honest mistakes, and everyone moved on. It was lovely to see the support for the mod team, they're just trying to do their job.) It's horrible to see this stuff happen, especially with the gun violence videos in the Beluga group, but I wanted to say thank you for covering things like this and generally being the Discord News guy for us all. This helps raise awareness too, hopefully Discord can help with some better safety features and preventing this, or at very least teach some people who don't know much about tokens a bit more for their own safety.
Heard from another sot server that one of the moderators might've been accused of being a pedo just like with the other server in this vid, so if that ends up spreading just be aware that it's probably bs
@@orion9997 yeah I saw some screenshots, and while I don't know the mods personally like irl, they're of no concern to anyone else's safety. The shots were obviously faked, they couldn't even get some of the basics correct.
This is what happened with the sea of thieves server and when I saw that announcement in the sea of thieves server and i immediately got flashbacks to the first time it happened 6 months ago when the exact same employer got hacked, shit is messed up
@@ulize. firefox and chromium are open source, modify the extensions button to display a fake extension list, recompile it and use that fake version, easy
I have the bug hunter badge and I receive frequent scam attempts and have recently had this happen to me. I went from being in almost 200 servers to 31 after a week of cleaning out what I considered non-essential for my account. I made a second account and joined the servers I still wanted to be a member of. I hate how I'm targeted frequently. I have every privacy setting I can enable turned on yet it's not enough.
Set up an authenticator on a personal device. Whoever logs in needs the authentication code from that app on your personal device. Idk if tokens can bypass it, but it would be worth getting
@@Kora_Cheri tokens do bypass 2 factor auth. It's the code telling the site or app what person is logged in. It can be refreshed, and changed, but an active token is basically the account, and that's how they log in. If anything "requires" you to check your inspect element console, and send what you see in it, it's a scam. Clear and simple.
@@Kora_Cheri tokens bypass 2fa, a token is what allows you to be automatically logged in so if someone has your token they can just paste it as their token and be in your account
I managed to record the whole attack, and it was by complete accident lol I was impressed by the reactions and started screen recording and all hell broke loose
I cannot believe people have gotten their account compromised from inspect element. Discord even warns you in console and the stable client doesn't let you open it now...
Eh well true most youngsters now are use methods the common person oddly don't see as malicious or as a red flag. And commonly many scammers use social engineering tactics to butter you up with small talk and gain you're *TRUST* mostly to see if you know you're stuff. Sad were in this age of harmless communities are raided to script kiddos mess with people with this being the digital age many should be more skeptical but *shocking majority ain't*
Always has but, you should just always be skeptical and second guess random DM's and *DON'T CLICK LINKS* to 2FA isn't iron clad and can be bypassed but wild some don't get that y you're browser store you're account login's (via cookies) and there's many red flag signs no one should fall for!
Discord really needs to get it together with their security. It's way too easy for any angsty 12 year old to get into your account, pretend he's you and ruin your whole internet name (and god forbid irl name to if you have personal info on there) Hell, even with hacks aside there's no rule preventing people from having the same username so someone can easily right click your profile picture, take your name and proceed to make screenshots of things "you" have said.
Just want to clear up, that gun video was a commissioned video for a Sim Swapping gang, it's not an innocent persons house but someone who had scammed one of the members (and committed fraud himself). People send that video around thinking they're apart of the "clique" or whatever.
@@HauntedMound666 Nah that video is real, the shooter got 13 years for it, look up Patrick McGovern Allen. Skids love reposting that particular video to look tough.
It's actually very easy to not fall for this: You can prove you didn't change the messages by pressing F5 Everything will come back to the original if you refresh the page, proving you truly did nothing without needing to open the console as they ask lol If they keep asking you to open the console and show them the messages, they're clearly trying to see your token and steal your identity.
Some of you may think that Beluga's server deserves to be hacked. But think again, those guys who hacked Beluga's server are literally doing illegal stuffs
I fell for this once but it was because they somehow placed a community ban on my steam account. I lost a steam account that I spent over 2k usd on for about 6 hours before I got it back after filing some support requests. Quick edit: They got me banned over something in csgo and I have literally never played csgo once and still have 0 minutes in it
@@treylinazerros159 Oh yeahh I got this one time, but I wasn't stupid enough to fall for it, I just said "oh I'm sure they will look into it and see I'm innocent", I was kinda suspicous of them, so I decided to look it up online and sure enough, there were posts about this scam. I made sure to give them some kind words then blocking and reporting them
this randomly reminded me of when a WoF server got hacked cause a mod fell for a webhook that was disguised as a discord bot for mods (no joke i witnessed things like the roles getting deleted and stuff which ended up causing a shutdown to fix the hack incident by a head staff for the server)
5:07 you’re not a loser, you’re my discord news flash channel explaining why i got banned off a server because i “was under age” (my voice just is too high pitched)
It was actually the house of a rival crypto scammer's gf (no one was home), the shooter's name is Patrick McGovern Allen and he got 13 years in federal prison for it. The shooting has nothing to do with these guys. Skids just love reposting that video to look tough, but it's years old.
That is a serious issue. That's why I am always skeptical about Discord, it's not for nothing there is a bad reputation around Discord. Although, people still get baited and we never talk about Discord's dark side.
These two servers weren't the only ones that were hacked there was another big server which was the Unhatched Games server, which was a discord roblox development server that shared development and teasers of the 2 big games on roblox, Dinosaur Simulator and Dinosaur Arcade.
This is the second time now the sea of theives server has gotten hacked, honestly I just sighed when I saw the announcement in there when I woke up. Basic cyber security really needs to be manditory with community managers. EDIT: Nope ok apparently it was another moderator that got hacked. Because moderators need that many permissions, that sounds great. Especially after it's already happened once??? Basic cyber security understandings really, seriously, needs to be manditory nowadays.
I doubt they were the ones who actually shot at the house. They probably just got that video from somewhere and thought it was cool or edgy to send it bc they have the mental maturity of 10-year-olds
@@kingacrisius Either that, or the video is fake. The muzzle flashes are unlike anything I've seen before. Although, I'm not a gun expert so it may be real.
it's so easy to fake discord messages, why would anyone even accept them as "proof" of anything? rand shouldn't have been banned in the first place, the valorant server staff are clearly inept
It's so easy to tell the scam was written by a non-native English speaker (probably from Kolkata). *I also find it interesting that maybe the scammer was projecting some repressed thoughts about himself onto the victim, "RAND"* .
Simple security things discord must add 1. The token must be invalided if the ip is changed to somewhere far 2. If the token is active multiple times in parallel that's a red flag that shouldn't happen (nobody would open 2 tabs) 3. In settings an option to require 2fa to send messages pinging alot of people, can't be disabled without 2fa 4. Ask for 2fa and password every some hours, might seem annoying but it will prevent attackers from waiting for you to sleep to be able to use your account freely 5. If the same token is used on different operation system or browser then something is definitely wrong 6. Actions especially like changing vanity url should require both password and 2fa Discord needs to add this simple security
For your 1st suggestion, I think there should be an option to toggle that off and on, since a lot of people use VPNs. I don't think the 4th suggestion would be good, since it's inconveniencing the whole userbase for something that a small fraction of people would fall for.
1. IPs are not magically associated with locations, additionally most people don't have stable IPs, changing daily or even more often when traveling and hopping between infrastructure providers. 2. Opening 2 tabs is a very regular occurrence, for example, if you click on message links coming from other applications, they will be opened in a new tab. Maybe a token having sockets open from multiple IP addresses could be a valid indicator. 3. Would be interesting to have this for high risk accounts. 4. Personally, I'm logged in on more than 10 devices, this would be a giant annoyance. 5. This can trivially be circumvented by also stealing the User-Agent header. 6. This seems like a good idea, requiring big actions on big servers to be authenticated a bit more, than just being logged in.
regarding the beluga vanity url, discord can give it back as I have seen this happen to many servers they just need to get in touch with discord about it. Anyways thanks for the video^ will show my staff this!
The worst part is, I'm one of those who has a good reason to doubt Rand even if I knew the person irl (not even an actquintance mind, even online) You'd be shocked how much shit people can hide behind friendly exteriors. This is literally one of those things that basically ruins your reputation and hacks you simultaneously. If someone was to set this up for the sole purpose of fucking you over and not taking over a server, they absolutely could ruin your rep for good by making actual proof instead of fake proof while no one wants to even TRUST you because of the accusations with seeming screenshot proof.
5:27is that warning a thing? Like wtf, nobody thats smart enough on the internet to program that warning on a webpage and if they are, its a scam. Literal moral righteousness nonsense like the discord scam where its "oh no, you did illegal shit, explain yourself" and then they link to a fake server.
That is an accusation that can't be shaken, the stigma ruins your reputation permanently. If the dox data was real, and that accusation spread to the individual's real world, it essentially leaves them with no choice but to self isekai. These hackers should be charged with attempted murder.
all of this is painful, and every single moderator on this earth will never understand this, not even by watching the video, because all of them but ego before reason and have room temp IQ, btw love your stuff NTTS
Correction at 4:44: If they have logged in using your token, it would likely show up as the original device, and therefore would be a device you DO recognise.
@@d_registers.h1 Every device will have a separate token. Copying the token is essentially copying the device. It is certainly possible for discord to differentiate the 2 devices, but I would be (pleasantly) surprised if they did.
@@Benjie56 you are wrong, the "devices" tab uses connections to the gateway to differentiate between devices; additionally you do not necessarily get a new token for every device you log into
@@Benjie56 authentication token is different from your encryption key or MAC address. MAC address would be copying the device and that only works if you have 'remember me' clicked
I was on during the SoT hack, it was interesting. They spammed the n word as much as possible and the mods deleted text channels and vice channels until eventually locking down the server all together.
6:03 This video is from a group called "Vile". They have a doxbin and a site which the video is on , its some weird edit of theirs. The site links news articles about them which they claim false. I dont know much just thought it was interesting as I dont think the people who sent the video on discord were the ones who recorded it like it was portrayed in the video.
@@zgamez129 Or If Some Hacker thinked of DOXXING you DOX them Back And Put Some Swearing and Bets of putting a Knive To the hackers throat and do brutal kills on him. that will make the hacker Scared for his live
Oh man, it sucks that RAND got hacked. I'm surprised they're even on some gaming Discord server, but hopefully the hackers weren't able to steal any classified documents. /s
Shortly after finalizing my upload, the Sea of Thieves channel was met with the same fate as the Beluga server. So if possible please share this with any staff member of a large Discord server!
Second, I went dummy wild on the thumbnail so it might not be the best lookin but I like it regardless :P Wild and wacky is refreshing sometimes.
Also I know everyone likes to say "Discord doesn't care about us", well insider knowledge from yours truly will say that surprisingly, Discord does care. They are just SLOW at doing stuff.
hi
@@Gromn hi
hi
hi daddy
hi
Hey man, awesome video! Thank you for taking the time to make more people aware of this kind of scam and help clear my name. Just a quick clarification at 8:10, the messages were faked before my account was compromised, not sent from my account after the hack.
imagine being slandered in such a terrible way and then your favorite youtuber saves you
mate you have a bug hunter badge and still fell for it xDDD
That makes a bit more sense
smartest beluga fan. how dumb do you have to be to get hacked on discord
35 likes omg
This happened to me, and I literally tried warning staff members in servers about this.
2/16 servers I was in had smart enough staff to see that this was entirely a scam.
The 14 others were 8 year old moderators that banned me on the spot.
Thank you for making this video because now I can show these idiots they were wrong.
Lmao aren’t you the sbs mod 😂
bro, 14/16 servers with 8 year old mods? jesus you need to find new communities
@@RubyPiec Facts bro
@@RubyPiec touché
they deserve to get hacked then lmao
"Rand is disgusting, he sent creepy messages to kids! Good thing we were able to get him off the server. Oh and by the way, buy our CP, only $100!"
Reminds me of my friend who somehow “accidentally” watched CP, I still to this day have no clue how they came across it
@@Soul.Resonant Honestly tho, I don't know your friend's circumstances, but my friend got sent an invite to a random discord server, joined it, and realized it was full of CP, he immediately left, but didn't report the server, so he got his account banned and was forced to make a new one.
@@webpombo7765 bruh what if he forgot to report it he had to get banned fr
@@Soul.Resonant That can actually happen. One time someone posted CP in a facebook group I was in. It was removed real quickly, but it was still there long enough that hundreds of people saw it.
7:08 first message HaRaM
I was there during the hacking of the Sea of Thieves discord, but the funny thing was is that most people were saying stuff like "Pirates be pirates" and "yarrr your discord server is ours" lol
amazing honestly
@@KewIsIncrediblyTiredW hackers for being chill
@@loganmeyer1069 nah, hacking is degeneracy in almost every case. the phrases were cool but he said most and many others probably said terrible things
@@armyman688sometimes a hacking can be a funny experience
Coming from a developer pov - discord could use better security measures. Sad that it is that easy. But also, people should be aware - that dev tools are sacred place for people with brains. We can do a lot just by opening that up and injecting code etc. You would think a huge company with billions of users would investigate into fixing their biggest vulnerability.
Even google themself one of the tech leader can't get their shit together. You would think their security measure is top notch, but account hijack by stealing session token is common. There should be a way to prevent these, prompt user to input their password if recent country/device change is suspicious for example. I think they already have similar mechanism in their gmail.
Alright Mr developer, what do you propose as an ease of use login system :)
Just look at their xss vulnerability they had some time ago lol
@@redbuIIracing33Crate true I mean they already have access to our geolocation I am quite sure - so why not just log the one used to sign up the account and match the other sessions.
@@ulize. If you login on discord from different IP or from the unregistered ones, discord will ask you to validate the IP using email but I don't think that goes the same for logging in through the Authorization token. I'm not much knowledgeable about the back-end stuff right now but i think they could literally set it up that even if someone uses token to login they should first verify the session and if the session is not verified under a given time then the token should be renewed though that would make the user logout of all the devices but at least their account would be safe.
PS. I just read what discord does to stop unauthorized use of token, Discord does have some security measures to prevent unauthorized use of tokens. For example, if Discord detects suspicious activity on your account, such as joining multiple servers in a short period of time or using third party clients or modifications, it might ask you to verify your account using a phone number but there's a big "MIGHT" in it. And what i was saying earlier about verifying the login even if it's a token session would apparently defeat the purpose of tokens 💀 like it would be a little inefficient, though I'd rather have a little inefficiency then having the account security compromised but i can understand that average user wouldn't want that inconveniency as everyone wants to ease their ways to access stuff the companies do give them ease but with a big "MIGHT" compromisation.
I was once friends with rand. They were an admin in my friend’s server. They are actually very nice and i don’t believe for a second they would do anything like that.
❤
@@byterand omg Rand is here
@@byterand yo rand
@@arrax_s if its not the same how tf are they gonna have any idea who you are 😂 r/theidiotgallery
@@arrax_s hes not god dawg 💀
Discord should really at least have some kind of warning pop up when you try to open the console saying something like "If you are not a developer and know exactly what you're doing, don't mess with this. If someone has told you to open this up for them, they are trying to compromise your account."
Unfortunately the console is bound to the browser you're using instead of discord itself so they can't really prevent it from being opened
@@heckfok they cant prevent it from being opened, but still print out a warning message inside the console saying "if someone told you to go here you might get hacked"
@@brightblackhole2442 I'm pretty sure roblox does that actually when it comes to their tokens, so that'd be a solution for sure!! while it won't really prevent scams it'll still make ppl more aware
I remember trying to mess about in the console and that message was there, in huge red letters. Did they remove that? Weird.
@@engchannyeah, I also remember seeing it.
Hey, I saw in the thumbnail that the Sea Of Thieves server was related to the topic, as a regular there I thought I'd shed some light and put my word into the cesspool of the internet.
Even if the SoT server wasn't directly covered much in the video, tl:dr the server got targeted by a group of people, just the same kinda thing probably got the token from a higher up just trying to help, and all of the channels were deleted, many members banned.
(This wasn't actually the first time a server nuke has happened to us, the last time it happened it actually wiped almost 5 years of history from the server, deleting all the channels and chats. It was all honest mistakes, and everyone moved on. It was lovely to see the support for the mod team, they're just trying to do their job.)
It's horrible to see this stuff happen, especially with the gun violence videos in the Beluga group, but I wanted to say thank you for covering things like this and generally being the Discord News guy for us all. This helps raise awareness too, hopefully Discord can help with some better safety features and preventing this, or at very least teach some people who don't know much about tokens a bit more for their own safety.
Thansk for explaining couldnt find anything of what was going on!
Heard from another sot server that one of the moderators might've been accused of being a pedo just like with the other server in this vid, so if that ends up spreading just be aware that it's probably bs
@@orion9997 yeah I saw some screenshots, and while I don't know the mods personally like irl, they're of no concern to anyone else's safety. The shots were obviously faked, they couldn't even get some of the basics correct.
Honestly I feel bad for Rand, I hope things turn out better for him
@ItsPaleAle so if got hacked and banned from the server, you deserved it because you were in another server that i dont like?
Grow up bro
@@EirPlen Facts
That's what u get for being in cringe belugang server
@Vixy Skonk did u like ur own comment
(AND DONT MAKE AN ARGUMENT FOR 500 COMMENTS)
@Vixy Skonk okay 👌
This is what happened with the sea of thieves server and when I saw that announcement in the sea of thieves server and i immediately got flashbacks to the first time it happened 6 months ago when the exact same employer got hacked, shit is messed up
really?
@@photosynthesizehi valor 🥰🥰
EXACT SAME PERSON? LMFAO
@@IHaveBeenDoingTaxFraud googie
Holy hell the scope of this scale is so much more massive and worse than the others... like actually vile. I hope shit gets actually done about this
don't be silly, it's discord
Google en passant
@@object.toString holy hell
Never open your inspect element page, you only need to refresh your page to prove you don't have any messages sent
there are actually hidable chrome extensions to keep inspect element changes the same client side
@@saiv46 or just use a phone..
@ArticleSand2 this dude when someone tells him to click the extensions button: 😨
@ArticleSand2 It's really sad ;w;
@@ulize. firefox and chromium are open source, modify the extensions button to display a fake extension list, recompile it and use that fake version, easy
I have the bug hunter badge and I receive frequent scam attempts and have recently had this happen to me. I went from being in almost 200 servers to 31 after a week of cleaning out what I considered non-essential for my account. I made a second account and joined the servers I still wanted to be a member of.
I hate how I'm targeted frequently. I have every privacy setting I can enable turned on yet it's not enough.
Not enough I guess, turn off dms and you've done it
Set up an authenticator on a personal device. Whoever logs in needs the authentication code from that app on your personal device. Idk if tokens can bypass it, but it would be worth getting
@@Kora_Cheri tokens do bypass 2 factor auth. It's the code telling the site or app what person is logged in. It can be refreshed, and changed, but an active token is basically the account, and that's how they log in.
If anything "requires" you to check your inspect element console, and send what you see in it, it's a scam. Clear and simple.
@@Kora_Cheri tokens bypass 2fa, a token is what allows you to be automatically logged in so if someone has your token they can just paste it as their token and be in your account
I managed to record the whole attack, and it was by complete accident lol
I was impressed by the reactions and started screen recording and all hell broke loose
could u send it somewhere lolol
can you upload the highlights when you have time? Would laugh my ass off
@Majeed's Gaming Yep, I'll post it once I'm home, should be up by tonight
ooooooo i want to see
Slide
I cannot believe people have gotten their account compromised from inspect element. Discord even warns you in console and the stable client doesn't let you open it now...
Rule number 1: Never open your inspect element page
Unless you're trying to be silly
I would rather say: Don't open it when someone tells you to open it
mainly never for randoms in a discord server or any one in general.
rule nr 0: if someone ask u anything, say Hi im joe moma pls call back
and ignore that person
But where else am I going to be able to get my computer to calculate 1+1 for me?
(Yeah that's the console, but same deal.)
People are actually so cruel for no reason..
They love the thrill.
Eh well true most youngsters now are use methods the common person oddly don't see as malicious or as a red flag. And commonly many scammers use social engineering tactics to butter you up with small talk and gain you're *TRUST* mostly to see if you know you're stuff.
Sad were in this age of harmless communities are raided to script kiddos mess with people with this being the digital age many should be more skeptical but *shocking majority ain't*
i think they are angels irl,i mean, nobody can mess up with american cops, lol
@@aoeGamingAEGIS no
@@KwikBR t90depends (search fortheemote)
Basically, if anyone tells you to open the developer console, and you’re not developing the website, *run*.
Trans cat 🏳️⚧️
the neck crack rate is already 50%, we are halfway through
It's crazy just how easy it is to impersonate someone on discord
Pretty sure its the easiest thing ever to get the same name and tag as original accounts
this is why Big servers ask for recording
Always has but, you should just always be skeptical and second guess random DM's and *DON'T CLICK LINKS* to 2FA isn't iron clad and can be bypassed but wild some don't get that y you're browser store you're account login's (via cookies) and there's many red flag signs no one should fall for!
@@SaltyMon videos don't do anything
@Ohioan17 They been effective where I am at, not sure what you mean "doesn't do anything"
As a software engineer, I knew what was going to happen when he said “press f12”
I joined the raid server out of curiosity and was blasted with degeneracy, right as you started talking about it
what was the raid server? do you have a invite im curious
Discord really needs to get it together with their security. It's way too easy for any angsty 12 year old to get into your account, pretend he's you and ruin your whole internet name (and god forbid irl name to if you have personal info on there) Hell, even with hacks aside there's no rule preventing people from having the same username so someone can easily right click your profile picture, take your name and proceed to make screenshots of things "you" have said.
uh there is actually only if the username is too famous
Most of the times the ones that get hacked are actually 12 years old themselves
imagine being in a public server
Just want to clear up, that gun video was a commissioned video for a Sim Swapping gang, it's not an innocent persons house but someone who had scammed one of the members (and committed fraud himself). People send that video around thinking they're apart of the "clique" or whatever.
It's fake kid, relax.
@@HauntedMound666 Nah that video is real, the shooter got 13 years for it, look up Patrick McGovern Allen. Skids love reposting that particular video to look tough.
7:30 that msg had stfu spelled with reactions😂
I like how people call them "hackers" when their not even script kiddies, this is the worst social engineering I have ever seen
It’s not social engineering it’s social doodling 💀
I know how to modify scripts but all these “hackers” do is CNP a peice of numbers
I modifyied a script for a guy that wanted his acount back so the bot can do captcha
I confirm this shit that happened was wild 💀
DADDYGENT
@@rizenstudios what the fuck y u callin him daddy
@@rizenstudios imagine💀
@@Oblivio_21353 Olivia
uwu
It's actually very easy to not fall for this:
You can prove you didn't change the messages by pressing F5
Everything will come back to the original if you refresh the page, proving you truly did nothing without needing to open the console as they ask lol
If they keep asking you to open the console and show them the messages, they're clearly trying to see your token and steal your identity.
We are doomed 💀
Edit: Coungrats to Ntts for joining that dangerous server just to keep us informated
well well, look who we have here :betterthan:
@@acrazyedu8831your mom
zheeomery jash
Hola david
Informated
I remember going back to check out the server and seeing 31 pings 💀Lemme say, server was most active it had been in a long time.
Some of you may think that Beluga's server deserves to be hacked. But think again, those guys who hacked Beluga's server are literally doing illegal stuffs
Belugas sever in its current state didn’t deserve to be as popular as it is, but at the same time it didn’t deserve to be hacked
Beluga sucks as a content creator but that isn't a justification for them getting hacked either
I fell for this once but it was because they somehow placed a community ban on my steam account.
I lost a steam account that I spent over 2k usd on for about 6 hours before I got it back after filing some support requests.
Quick edit: They got me banned over something in csgo and I have literally never played csgo once and still have 0 minutes in it
good thing steam support works
Tbh this sounds like the "oh no I accidentally reported your steam account" scam. You won't get banned if you ignore their scare tactics.
@@treylinazerros159 Oh yeahh I got this one time, but I wasn't stupid enough to fall for it, I just said "oh I'm sure they will look into it and see I'm innocent", I was kinda suspicous of them, so I decided to look it up online and sure enough, there were posts about this scam. I made sure to give them some kind words then blocking and reporting them
its honestly crazy the lengths people will go through to get into an account
0:28 rand also has the rarest badge on discord, The Golden bug hunter
the saul goodman webhook 💀
This kind of stuff is why I’ve been using discord significantly less over time, especially after I suffered a hack situation
I empathize with you
this randomly reminded me of when a WoF server got hacked cause a mod fell for a webhook that was disguised as a discord bot for mods (no joke i witnessed things like the roles getting deleted and stuff which ended up causing a shutdown to fix the hack incident by a head staff for the server)
Are we just going to ignore the server group?? 2:01
Thanks for awareness to everyone 👏🏻
Are u chaos
@@rizenstudios I think he is, java
5:24 "even the worst of people still have a heart inside" ahh moment
You're hero bro. Thanks for warning. This scammers are going crazy.
5:07 you’re not a loser, you’re my discord news flash channel explaining why i got banned off a server because i “was under age” (my voice just is too high pitched)
Yeah same, I’m a girl and my voice is a bit high a lot. I’ve gotten banned off servers because they didn’t believe I was 14.
its so sad that realisticly the basement duelling nerds that do these scams aint even getting anything out of this
The gun video is not recorded by them, it is a fairly old incident & the "innocent" person got kidnapped and forced to give up all his crypto.
Bro he got his crypto taken away? They might as well have taken away nothing
@@Dylan781 Actually they held him hostage as he was a rival sim-swapper. Beat the hell out of him too.
was it uploaded on hoodsite or any other gore site? or was it just the shooting video?
It was actually the house of a rival crypto scammer's gf (no one was home), the shooter's name is Patrick McGovern Allen and he got 13 years in federal prison for it. The shooting has nothing to do with these guys. Skids just love reposting that video to look tough, but it's years old.
That is a serious issue. That's why I am always skeptical about Discord, it's not for nothing there is a bad reputation around Discord. Although, people still get baited and we never talk about Discord's dark side.
Public Discord servers and their consequences have been a disaster for the human race
These two servers weren't the only ones that were hacked
there was another big server which was the Unhatched Games server, which was a discord roblox development server that shared development and teasers of the 2 big games on roblox, Dinosaur Simulator and Dinosaur Arcade.
7:19 how shame is it for us, having an Indian Flag in there....
Holy shit. This is absolutely deplorable. I have no other words for this. I'm just beside myself in anger and disappointment.
The worst part? It's not just for moderators. The same thing just happened to me, and I can't do anything about it.
This is the second time now the sea of theives server has gotten hacked, honestly I just sighed when I saw the announcement in there when I woke up. Basic cyber security really needs to be manditory with community managers.
EDIT: Nope ok apparently it was another moderator that got hacked. Because moderators need that many permissions, that sounds great. Especially after it's already happened once??? Basic cyber security understandings really, seriously, needs to be manditory nowadays.
Discord is such a weird place sometimes, crazy to even think that the people behind these terrible accounts are messed up real humans
as an socially anxious introvert, chances are 0% of me falling for scams 💀
Thank God this was solved only because of discord's report raid feature!!
that gun violence shit is actually crazy asf like imagine hearing gunshots in your house while you're asleep
6:00 Rip that sweet sweet RUclips money for that Video
When I see things like this, I look at the time stamps of the DMs...
The tiniest bit of an image can bring a huge revelation.
6:01 thats actually terrifying, these people are disgusting.
these scammers need to pay for what they did, they need to suffer. Hacking a discord server is okay, but Shooting at someones house? CP? BRO WTF?????
I doubt they were the ones who actually shot at the house. They probably just got that video from somewhere and thought it was cool or edgy to send it bc they have the mental maturity of 10-year-olds
@@kingacrisius Either that, or the video is fake. The muzzle flashes are unlike anything I've seen before. Although, I'm not a gun expert so it may be real.
@@thebuzzybeeking air gun with flash contact powder
These people should serve actual jail time.
4:32 who saw on the left hand side the folder??
the fact they had to say "we hacked and exposed him"
it's so easy to fake discord messages, why would anyone even accept them as "proof" of anything? rand shouldn't have been banned in the first place, the valorant server staff are clearly inept
Google :- did you mean by hacking?
Discord :- did you mean nuking??
Its so easy to hack people on Discord, I hope this gets fixed, tho it probably wont soon...
It's so easy to tell the scam was written by a non-native English speaker (probably from Kolkata).
*I also find it interesting that maybe the scammer was projecting some repressed thoughts about himself onto the victim, "RAND"* .
6:10 are you sure youtube it's not gonna be mad with that?
6:50 star man said rakist with a k 💀
Props to this guy for telling us everything we need to do to avoid such mistakes
Even tho I'm not that much of a Discord user nowdays xdxdxd
xdxdxd
I had a fnaf song playlist playing and when it got to the red discord guy it just played the fnaf security breach theme LMAO
Simple security things discord must add
1. The token must be invalided if the ip is changed to somewhere far
2. If the token is active multiple times in parallel that's a red flag that shouldn't happen (nobody would open 2 tabs)
3. In settings an option to require 2fa to send messages pinging alot of people, can't be disabled without 2fa
4. Ask for 2fa and password every some hours, might seem annoying but it will prevent attackers from waiting for you to sleep to be able to use your account freely
5. If the same token is used on different operation system or browser then something is definitely wrong
6. Actions especially like changing vanity url should require both password and 2fa
Discord needs to add this simple security
nowadays 2fa is not even enough. cause of using tokens or cookie to bypass any authentications
For your 1st suggestion, I think there should be an option to toggle that off and on, since a lot of people use VPNs. I don't think the 4th suggestion would be good, since it's inconveniencing the whole userbase for something that a small fraction of people would fall for.
It's so easy to have 2 tabs of it open for whatever reason, that seems like a dumb limitation
1. IPs are not magically associated with locations, additionally most people don't have stable IPs, changing daily or even more often when traveling and hopping between infrastructure providers.
2. Opening 2 tabs is a very regular occurrence, for example, if you click on message links coming from other applications, they will be opened in a new tab. Maybe a token having sockets open from multiple IP addresses could be a valid indicator.
3. Would be interesting to have this for high risk accounts.
4. Personally, I'm logged in on more than 10 devices, this would be a giant annoyance.
5. This can trivially be circumvented by also stealing the User-Agent header.
6. This seems like a good idea, requiring big actions on big servers to be authenticated a bit more, than just being logged in.
For number 4, just do it at times when the user has gone offline and then it suddenly goes online
Bro is a bug hunter but fell for this 💀
Now there’s a excuse for me to not use a discord or a discord server
regarding the beluga vanity url, discord can give it back as I have seen this happen to many servers they just need to get in touch with discord about it. Anyways thanks for the video^ will show my staff this!
The worst part is, I'm one of those who has a good reason to doubt Rand even if I knew the person irl (not even an actquintance mind, even online)
You'd be shocked how much shit people can hide behind friendly exteriors. This is literally one of those things that basically ruins your reputation and hacks you simultaneously. If someone was to set this up for the sole purpose of fucking you over and not taking over a server, they absolutely could ruin your rep for good by making actual proof instead of fake proof while no one wants to even TRUST you because of the accusations with seeming screenshot proof.
Is no one going to talk about what the server folder says? 2:07
2:21 the folder...
God bless this brings awareness to those people being scammed
5:27is that warning a thing? Like wtf, nobody thats smart enough on the internet to program that warning on a webpage and if they are, its a scam. Literal moral righteousness nonsense like the discord scam where its "oh no, you did illegal shit, explain yourself" and then they link to a fake server.
The lclc(big roblox RUclipsr) server was also hacked like a day after :(
That is an accusation that can't be shaken, the stigma ruins your reputation permanently. If the dox data was real, and that accusation spread to the individual's real world, it essentially leaves them with no choice but to self isekai. These hackers should be charged with attempted murder.
Defamation*
@@Maxawa0851 no. Attempted murder. They intentionally tried to set into motion a course of events that would lead inevitably to the target's suicide.
Dude your videos are peak discord lore
all of this is painful, and every single moderator on this earth will never understand this, not even by watching the video, because all of them but ego before reason and have room temp IQ, btw love your stuff NTTS
you know its a good day when youre boutta eat and see ntts uploaded a new video
Correction at 4:44: If they have logged in using your token, it would likely show up as the original device, and therefore would be a device you DO recognise.
1 token does not equal 1 device...
@@d_registers.h1 Every device will have a separate token. Copying the token is essentially copying the device. It is certainly possible for discord to differentiate the 2 devices, but I would be (pleasantly) surprised if they did.
@@Benjie56 you are wrong, the "devices" tab uses connections to the gateway to differentiate between devices;
additionally you do not necessarily get a new token for every device you log into
Benjie? More like
Wrongjie
amiright?
@@Benjie56 authentication token is different from your encryption key or MAC address. MAC address would be copying the device and that only works if you have 'remember me' clicked
I was on during the SoT hack, it was interesting. They spammed the n word as much as possible and the mods deleted text channels and vice channels until eventually locking down the server all together.
the false ban one had actually happened to me a while ago, thankfully an actual moderator was who DMed me after I appealed, no console shit
The name they said when they shot the guns was “Justin Active was here” btw
And they revealed rand’s name
why are there so much stuff going on on the internet ._.
6:03
This video is from a group called "Vile". They have a doxbin and a site which the video is on , its some weird edit of theirs. The site links news articles about them which they claim false. I dont know much just thought it was interesting as I dont think the people who sent the video on discord were the ones who recorded it like it was portrayed in the video.
Only solution: Don’t use discord and instead use RUclips comments to communicate
Return to morse code
but u can't paste links into yt comments, lol
youtube comments 💀💀
@@aoeGamingAEGIS you can
nah i think we should switch to guilded ngl
the word cock on the left there is such a funny joke
Pro tip: delete discord
This made my life better and my dad reappeared, thanks!
@@zgamez129 Or If Some Hacker thinked of DOXXING you DOX them Back And Put Some Swearing and Bets of putting a Knive To the hackers throat and do brutal kills on him. that will make the hacker Scared for his live
Already did.
@@Kuzuki_real are you 5 years old dawg
please not telegram
im pretty sure that the video at 6:04 is from another person but not from those people who hacked the server and all that
Thank god, we got some good people out there ❤❤❤
7:09 bro this video probably has more sensoreship than a type of anime 💀
7:04 astaghfirullah WHAT
what does that mean
@@KwikBRits some word us muslims use for somthing weird, shocking
Mashaallah The Guy Need To Go To Hell And Suffer
أَسْتَغْفِرُ اللّٰهَ
@@DankWasTaken fr
My brain isn't strong enough to process this. Why would someone do this? What is wrong with people?
Oh man, it sucks that RAND got hacked. I'm surprised they're even on some gaming Discord server, but hopefully the hackers weren't able to steal any classified documents. /s
I was in the Beluga server when this happened, the slow mode increased up to 1 hour, but then the mods fixed it.