Warning
Your (bot) token leaked
I/one of my watchers found it and uploaded it here to protect you from damage
It is now reset, please be more careful
I can't be exactly sure what happened in your specific case, but some common causes are:
- You posted your bot token in a public Discord channel
- Your account got token-logged by malware
- You entered your credentials in a fake login form
- You trusted someone too much
Note
GitHub works with Discord to automatically scan public gists for tokens and resets them, if found!
Your token being uploaded here very likely prevented further abuse!
Read more about secret scanning: https://docs.github.com/en/code-security/secret-scanning/secret-scanning-patterns
Tokens act as keys to your or your bot's Discord user. You are responsible for what anyone does with your tokens!
- DO redact your bot token from code samples
- DO use environment variables for secrets (sometimes called config variables or secrets by services)
- DO use a password manager and auto-fill. (if credentials do not auto-fill, ask yourself why! maybe it's a fake site!)
- DO NOT share your bot tokens with people you don't trust
- DO NOT share your user token with anyone (that includes apps, even if they claim to do something cool!)
- DO NOT download and run random code on your machine (not to debug, test games or otherwise help people either)
- DO NOT scan QR codes with Discord to verify any services, ever.
If your user token was uploaded here, that means we found it in the hands of scammers. That sucks but we hopefully could prevent some damage by uploading it here. Your next steps should be:
- Spot-check with https://www.malwarebytes.com/ or similar software. Make sure your systems is clean!
- Reset your passwords
- Reset your sessions for important services
- Check your bank accounts for unauthorized purchases (that includes paypal and similar!)
- Consider using a password manager (it doesn't help against token logging, but can prevent some phishing websites by not offering you the auto-fill)
- If you see unauthorized Discord purchases, contact Discord: https://support.discord.com/hc/en-us/requests/new?ticket_form_id=360000118612
Warning
Being scammed through Discord does not mean scammers are only looking for your Discord account.
Information stealer malware will grab everything it can and relay it to the attackers.
- Head over to https://discord.com/developers/applications/
- Select your application
- Under "Bot", choose "Reset Token"
- Click on "Yes do it!", enter your 2FA, etc.
- Replace your token in your bot code and config files