![]() ![]() If you ran the code locally on your computer then it could of downloaded scripts that remain on your computer that refresh every time your token changes. The simple fix is to stop running the code. Therefore, they constantly have access to your account. What must be happening here is that you keep putting your user token in the replit to run the code, and every time you run the code, it's sending your token to the attacker. NEVER trust any code asking for your user token that you don't understand. For it to work the user needs to understand what they've just done and the general Discord user will not be technical enough for this. That exact reason is why implementing a button to regenerate your token doesn't make sense. The reason mass DM clients work is because people don't realize they've just given their token away. Now you need to ask yourself: is someone who is dumb enough to scan a random QR code and ignore all the very obvious warning messages given to them smart enough to realize they gave their token away? You cannot (bar some crazy zero day exploit) get someone's token by simply sending them an image without any interaction. Now by image token grabber I have to assume you're referring to QR codes. If someone was to run an unknown malicious script they need to change their password which changes their token. There is no telling what this script may have done. First off, the console already has a very large clear warning deterring anyone from running an unknown script. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |