I would have expected them to ask me to message them, in order to resolve the issue of not having access to my old email. Instead, they assume that I still have access to it, by simply contacting my email provider!
If I could do that, I wouldn’t have lost access to it though, would I?
I mean… It would be nice if they put a nicer message there. But I mostly agree with that.
Look up how people social engineer their way into Apple accounts and so forth. The more you put the burden on a (perpetually) underpaid CSR, the easier it is to steal an account. Spin a sob story and then harass the CSR until they just reset your password so you will go away. Except there is no guarantee that is YOUR password and now we have yet another stolen account.
Also works on EA accounts. Got mine stolen through Customer Service a few months ago. But when I contact them through the email the account was set up with they don’t reinstate me.
Wish there was a solution to these problems that deals with both issues.
There is.
2FA. No, not the fucking “we’ll send you an SMS” bullshit that is increasingly used to just highlight an active phone number for spam purposes. Proper TOTP with the code backed up to a proper service (bare minimum, Bitwarden).
Someone can steal your password and even your email account (unless you TOTP that too…). They still can’t get into your account unless you are an idiot who gets tricked into providing the 2FA key.
In a perfect world? Have your TOTP credentials in one encrypted database/Bitwarden account and your passwords in another. In reality? Just use a trusted service. I used to be a big fan of Keepass but protecting that with a yubikey (or similar) is a huge mess.
The recent push for passkeys (?) is a nice-ish middle ground. People don’t need to understand how to paste a TOTP code into Bitwarden but they still need to approve a login. That said, I hate it since so much of it is dependent on a single device that can generally be opened by just applying REDACTED to the screen and doing REDACTED to narrow down the lock code significantly.
not an SMS
OMFG YEEEEEEESSSSS I HATE THOSE. I’m not even super duper security focused, I just love the idea that even a bot farm has to guess a code within a 30 second window.
Meanwhile SMS codes usually expire between ten minutes and an hour, usually a half hour, but that’s if at all.
As much as I hate them they’re better than nothing :/
I doubt bruteforce has been used in one of these attacks. The service should detect a bot entering many combinations per second.
The main problem with SMS is that someone could social engineer the mobile operator support to give them a new SIM.
Probably not something you should worry too much about unless you are in any way a target, but still.
“please contact your email provider”
Good luck - a lot of Discord users use freemail accounts (Yahoo, Gmail, Hotmail, etc) where it’s practically impossible to contact the provider or recover a lost account.
This is news to me, just checked my account and the email is of a domain I no longer intend to renew so I guess I’m screwed then lol
No! You’re not! Just make sure you change your email in Discord account settings before your domain runs out.
They send an email to your current account to check that it’s you. Then you can change it to a new email.
Sadly it expired about a week ago already so it’s a no go :c
A week is recent enough to renew usually if you care
Wow. What bad luck!
Maybe you can export your Discord friend and server list and import it to a new account?
If there is one thing I secure as much as possible it’s my main email address.
If you think about it that’s the most important account of all.
If you lose it, every account using this mail as recovery is also pwned.
I understand this is frustrating but I agree with others that there is not much else Discord could do.
My main email said they suspected unusual activity from me. So I need to go to my backup email, and get a code. Simple enough. So I go to my backup email which I never use. I log in, and they say “Looks like it’s been a while, we’re going to send an email to the backup of this account.” Well, the backup of the backup is the main account. So now I know the passwords for both accounts. But I can’t get into either because both are pointing at the other, so I can’t get into either.
I legit want an actual hacker to hack my backup and let me in, just so I can get into my main. I’ve had the account since 1997.
This type of thing is why I, against all internet advice, host my own email. It’s a pain but it’s nice being in control.
Discord support is the absolute worst. I hope to never have to deal with them again.
Do you really expect them to allow you to circumvent the only easy way we have to verify ownership of an account?
I get the sense that a lot of commenters here never had an openmailbox dot org experience.