357
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 14 Aug 2023
357 points (97.9% liked)
Technology
59598 readers
4592 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
I'm actually curious where did they got the passwords from? Discord.io looks to be using Discord itself for authenticating users, but I myself have never used the service so I have no idea.
Depending on how that authentication handshake is implemented secrets can be leaked. It could be a security flaw on Discord’s side that Discord.io has access to via SSO, or it could be that Discord.io stores username and password for some reason.
Yeah but there's a big difference between tokens that can easily be revoked and what could be potentially plain-text passwords.
edit: Okay, so it sounds like they had their own account system back in 2018 separate from Discord. That makes more sense.