@almostSouji
Last active May 1, 2024 09:50
You leaked your token. This is probably how you got here.

You leaked your (bot) token.

Warning

Your (bot) token leaked.
I/one of my watchers found it and uploaded it here to protect you from damage.
It is now reset; please be more careful.

What happened?

I can't be exactly sure what happened in your specific case, but some common causes are:

  • You posted your bot token in a public Discord channel
  • Your account got token-logged by malware
  • You entered your credentials in a fake login form
  • You trusted someone too much

Note

GitHub works with Discord to automatically scan public gists for tokens and reset them if found!
Your token being uploaded here very likely prevented further abuse!
Read more about secret scanning: https://docs.github.com/en/code-security/secret-scanning/secret-scanning-patterns

How to prevent this from happening

Tokens act as keys to your or your bot's Discord user. You are responsible for what anyone does with your tokens!

  • DO redact your bot token from code samples
  • DO use environment variables for secrets (sometimes called config variables or secrets by services)
  • DO use a password manager and auto-fill (if credentials do not auto-fill, ask yourself why! Maybe it's a fake site!)
  • DO NOT share your bot tokens with people you don't trust
  • DO NOT share your user token with anyone (that includes apps, even if they claim to do something cool!)
  • DO NOT download and run random code on your machine (not to debug, test games or otherwise help people either)
  • DO NOT scan QR codes with Discord to verify any services, ever.
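
As an added example (not part of the original gist), here is a Python sketch of the first two DO items: redacting token-shaped strings before sharing code or logs, and reading the token from the environment. The token shape (three base64url segments, the first decoding to a numeric user ID), the `DISCORD_TOKEN` variable name and all function names are assumptions, and the sample token is constructed.

```python
import base64
import os
import re

# Assumption (not stated on the page): a bot token is three dot-separated
# base64url segments and the first one decodes to the bot's numeric user ID.
_B64 = "A-Za-z0-9_-"
CANDIDATE = re.compile(
    rf"(?<![{_B64}])([{_B64}]{{23,28}})\.([{_B64}]{{6,7}})\.([{_B64}]{{27,}})(?![{_B64}])"
)
PLACEHOLDER = "[REDACTED_DISCORD_TOKEN]"


def _is_snowflake_segment(segment: str) -> bool:
    """True if the segment base64url-decodes to 17-20 ASCII digits."""
    try:
        decoded = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return decoded.isdigit() and 17 <= len(decoded) <= 20


def redact_tokens(text: str) -> tuple[str, int]:
    """Return (text with token-shaped strings replaced, number replaced)."""
    hits = 0

    def _replace(match: re.Match) -> str:
        nonlocal hits
        if not _is_snowflake_segment(match.group(1)):
            return match.group(0)  # look-alike string, leave untouched
        hits += 1
        return PLACEHOLDER

    return CANDIDATE.sub(_replace, text), hits


def load_token(env=os.environ, name: str = "DISCORD_TOKEN") -> str:
    """Read the token from the environment instead of hard-coding it."""
    token = env.get(name, "").strip()
    if not token:
        raise RuntimeError(f"{name} is not set; refusing to start")
    return token


# Constructed sample input: a fake token built from a made-up ID, plus a look-alike.
FAKE_TOKEN = base64.urlsafe_b64encode(b"123456789012345678").decode().rstrip("=") + ".AbCdEf." + "x" * 38
LOOKALIKE = "A" * 24 + ".AbCdEf." + "B" * 27
SAMPLE = f'client.login("{FAKE_TOKEN}")\ncache_key = "{LOOKALIKE}"\n'

if __name__ == "__main__":
    cleaned, count = redact_tokens(SAMPLE)
    print(cleaned, f"redacted {count} token(s)")
```

Running text through `redact_tokens` before pasting it into a support channel catches only strings of this assumed shape; it does not replace resetting a token that has already been exposed.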

It was my user token - what now?

If your user token was uploaded here, that means we found it in the hands of scammers. That sucks but we hopefully could prevent some damage by uploading it here. Your next steps should be:

  1. Spot-check with https://www.malwarebytes.com/ or similar software. Make sure your system is clean!
  2. Reset your passwords
  3. Reset your sessions for important services
  4. Check your bank accounts for unauthorized purchases (that includes PayPal and similar!)
  5. Consider using a password manager (it doesn't help against token logging, but can prevent some phishing websites by not offering you the auto-fill)
  6. If you see unauthorized Discord purchases, contact Discord: https://support.discord.com/hc/en-us/requests/new?ticket_form_id=360000118612

Warning

Being scammed through Discord does not mean scammers are only looking for your Discord account.
Information stealer malware will grab everything it can and relay it to the attackers.

How do I get a new bot token now?

  1. Head over to https://discord.com/developers/applications/
  2. Select your application
  3. Under "Bot", choose "Reset Token"
  4. Click on "Yes do it!", enter your 2FA, etc.
  5. Replace your token in your bot code and config files
MTIzNTAxMDM1NDY2MTI5ODI2OA.GMo5pj._ujGzcGkctZD1B17iidiRrTSe3DZGz8cgB-B2w