IMPORTANT: Discord QR Code Login Scam & Online Safety


As you may already know, today the Discord account of one our Higher Command officers was compromised in a targeted attack with the intention of dismantling our community.

The ACP Discord server itself has been secured, but sustained damage consequent of the security breach. In addition, about 800 server members were pruned/kicked. It is also worth noting that this is not believed to be an attack on the Club Penguin Army community as a whole.

Especially because a member of Higher Command was targeted, the effects of this extend beyond the Discord server itself. Any confidential DMs and other communications accessible via the breached account have also likely been compromised, and it is anticipated that the perpetrators plan to spread their contents. As of now, the compromised account has been recovered and secured.

The “Discord QR Code Login Scam/Exploit”

The security breach was the result of a “Discord QR code login scam”, in which the attacker attempts to convince a user to scan a QR code given to them. In doing so, the user inadvertently gives the attacker access to their own account.

Because users are able to sign into their accounts via a QR code to bypass the two-factor authentication (2FA) login process, this is a serious threat to online safety.

Although the Discord system asks you confirm your login when scanning a QR code, all it takes is mistakenly confirming/overlooking the notice in order to unknowingly grant unauthorized access.

I highly recommend reading this article and this article, as they provide valuable insight into the issue & how it can affect you (check out this Twitter thread as well, which includes a video example of what happens).

So, if someone ever messages you with a QR code, DO NOT SCAN IT! Remember that many targeted cyberattacks—big and small—are often set in motion by one’s conscious decision to take a certain action.

Before you click or scan ANYTHING, consider if you’re about to be a victim of social engineering.

More Related Resources

The Discord QR code login exploit is an example of social engineering, the use of deception to manipulate others into sharing sensitive personal information. This information can be used against you to access even more personal information, steal assets, and even lead to identity theft, and attackers attempt to accomplish these things in many different ways.

To learn more, check out this article about social engineering campaigns, how to recognize them, and how to protect yourself online.

Additionally, I highly recommend reading the fantastic Discord Safety Center information pages, including this page with tips on staying safe on Discord and this page on how to maintain a secure account.

Note that you can always report a problem to Discord’s Trust & Safety team by submitting this form.

Given this very serious situation, it is ever more imperative that we strive to practice the best online safety habits we possibly can. In reality, there’s many, many threats out there taking advantage weakness or vulnerability—and it’s up to us to keep our accounts secured.

King Mondo

ACP Advisor & Legend


3 Responses

  1. Thank you for this, Mondo!

  2. Great article! Very helpful!

  3. Youre the best, mondo

    *death metal screams*

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: