Comment by Banditoz - Hacker Neue

Banditoz 2 days ago parent

Playing devil's advocate a bit, if this service hosts a Discord bot you create for you, that means it uses the bot token, right? The service has to store and secure hundreds of thousands of tokens, if all of those get breached/leaked, an attacker can do a lot to a lot of Discord servers assuming it has the requisite permissions.

However, they do claim that Mee6 (the biggest Discord bot by # of servers, iirc) offers a similar feature but Discord is letting them slide?

paxys 2 days ago

Discord holds user session tokens right? If those tokens are leaked then attackers will have access to Discord user data. Seems like Discord should be shut down.

Banditoz OP 2 days ago

Hmm, good point, but Discord can't control the security of a third party platform like this.

Not saying it's the right thing to do, but it seems to be their reasoning.

sneak 2 days ago

Discord has the plaintext of every single message ever sent via Discord, including all DMs.

Can you imagine the value to LLM companies?

It’s probably the single largest collection of sexting content outside of WeChat (and Apple’s archive of iCloud Backups that contain all of the iMessages).

This item has no comments currently.