All Discussions > Steam Forums > Steam Community > Topic Details
Antynah Oct 20, 2024 @ 4:42am
Do not link your Steam account to Discord (Account compromise)
(English isn't my first language so sorry for any grammar mistakes!)

Between September 20th and 26th, I joined a Discord server I found on the dashboard. On that server, there was a security check bot, and all I had to do was give it access to my Discord account. Since that’s common on servers and all bots, I accepted.

I didn't log into my Discord account for a couple of days—maybe two? I’m not sure. When I finally did, I noticed I was in a server I hadn’t joined before, but it looked similar to the one I had joined earlier. It seemed strange, but I didn’t think much of it, just left the server and moved on.

Then, on September 30th, my Discord account got hacked. Dozens of people were spammed with Steam gift card links in their DMs. I found out because my girlfriend told me she received a weird link from my account. After that, I deleted all the links, informed everyone, and changed my Discord password. I suspected the bot was behind this, so I disconnected it from my account. I checked my email and Steam account right after, but there was nothing unusual.

On October 15th, I logged into my Steam account to play something and noticed some currency in my wallet. I had never bought or had credits there. That’s when I realized they had sold all my trading cards without me knowing. Steam never notified me about it. When I checked my email, I saw that they had only sent a notification about a trade on October 13th for a Dota 2 card, which I don’t even play.

After that, I changed my emails and passwords for all my accounts. I think everything is resolved now, but I'm still worried. I never allowed the bot access to my Steam account and never logged in on another site, yet they still managed to hack it easily :(

(Just letting you know that, prior to this, both accounts had two-factor authentication enabled)

(EDIT: I use my pc mainly for college and occasionally for gaming. I only use Discord for work purposes, I don't enjoy using Discord but it's the only way to stay in touch with my clients.)

(EDIT 2: I forgot to mention earlier, but both my Discord and Steam accounts were compromised on the same day and around the same time (the night of September 30th). Just a reminder that I’ve only ever logged into my Steam account through the official Steam app/program and through Discord years ago to link it. Thanks so much to everyone who provided some explanations about it!)
Last edited by Antynah; Nov 2, 2024 @ 12:21pm
< >
Showing 1-15 of 22 comments
Jaunitta 🌸 Oct 20, 2024 @ 5:01am 
Steam has a great group voice chat over Discord. More reliable and safe :)
#1
76561199767014109 Oct 20, 2024 @ 5:30am 
Steam has a great group voice chat over Discord:steamthis::steamhappy:
#2
skOsH♥ Oct 20, 2024 @ 5:59am 
You got phished

So when you enter a discord address, you entered something that led you right into the trap.

Just typing in a malicious url can give someone else access to your pc, and this is called phishing. It's a very common scam, and scammers are prolific on discord, so just reach out to steam support, but they cannot recover your items. Thank you for the PSA

As for Steam having their own discord, I don't know of such a thing. That in and of itself sounds like a scam because you don't ever directly interact with them from steam to end user on a third party platform.

Ignore the trolls.
#3
Maria Oct 20, 2024 @ 6:01am 
Can you clarify what you mean by
Originally posted by Antynah:
... all I had to do was give it access to my Discord account. Since that’s common on servers and all bots, I accepted.
..

I'm aware that sometimes servers have bots to combat spam/bots, but usually, all you need to do is just react with emotes.

They won't ask you for access to your Discord account.
#4
Antynah Oct 20, 2024 @ 6:23am 
Originally posted by Maria:
Can you clarify what you mean by
Originally posted by Antynah:
... all I had to do was give it access to my Discord account. Since that’s common on servers and all bots, I accepted.
..

I'm aware that sometimes servers have bots to combat spam/bots, but usually, all you need to do is just react with emotes.

They won't ask you for access to your Discord account.

Some Discord servers need you to give the server bot permission on your account so you can access things and prove you're not a bot. It’s the same if you wanna use a bot (like Loritta or Tatsu for example) Sorry if the text was a bit confusing /gen
#5
Maria Oct 20, 2024 @ 6:29am 
Originally posted by Antynah:
Sorry if the text was a bit confusing /gen
That's fine, so what did you do exactly? Reacting with emotes? Did they ask you to scan a QR code?
#6
Antynah Oct 20, 2024 @ 6:52am 
Originally posted by Maria:
Originally posted by Antynah:
Sorry if the text was a bit confusing /gen
That's fine, so what did you do exactly? Reacting with emotes? Did they ask you to scan a QR code?


I didn’t log in or scan a QR code I just authorized the bot as usual
The authorization site was (or looked) legit, just like the other bots I'm used to. The bot even showed up right after in my list of authorized apps on Discord with the others I use.
Regarding my Steam account I haven't logged in on anything during this time
#7
Electric Cupcake Oct 20, 2024 @ 7:02am 
Imagine using that discord crap at all.

What kind of plebeian idiot doesn't use a proper Tox client?
#8
Jon the VGNerd Oct 20, 2024 @ 12:18pm 
Originally posted by Electric Cupcake:
Imagine using that discord crap at all.

What kind of plebeian idiot doesn't use a proper Tox client?
What's surprising is that Discord's still a widely popular platform used worldwide.
#9
ChuTheMan Oct 20, 2024 @ 12:22pm 
user error.

People are insane just to let any random bot on discord get access to your account or authorize anything. Bots on discord can do a lot of ♥♥♥♥ to your account.

You sure you read the permissions the bot would gain access to before accepting it?
#10
. Oct 20, 2024 @ 1:09pm 
People are insane to use Discord with a centralised DB when Team Speak hosts a local server.
#11
Maria Oct 20, 2024 @ 3:14pm 
Originally posted by Antynah:
... I just authorized the bot as usual
The authorization site was (or looked) legit, just like the other bots I'm used to. The bot even showed up right after in my list of authorized apps on Discord with the others I use. ...
If the bot doesn't have a checkmark Verified bot when you hover over them, which I'm sure is basically what happened to you, just ignore that bot.

These servers running by fraudsters usually put a legit bot (that you can notice on the right side) inside their server, but they put the impostor one to do the verification.
Last edited by Maria; Oct 20, 2024 @ 3:25pm
#12
Electric Cupcake Oct 22, 2024 @ 3:37am 
Discord is nothing but scammers.

Use Mumble or a Tox client like a normal person for ingame chat.
#13
BlowieBlizar Oct 22, 2024 @ 3:39am 
good
#14
Satoru Oct 22, 2024 @ 5:40am 
For people who don't understand

Discords 'linking' of your steam account does not give anything on Discord access to anything on your account. Nothing. The only thing it can say is

You own account wiht the Steam ID of X

That's literally it. Hijacking a Discord account doesn't give you any access to your steam account in any way.
#15
< >
Showing 1-15 of 22 comments
Per page: 1530 50

All Discussions > Steam Forums > Steam Community > Topic Details
Date Posted: Oct 20, 2024 @ 4:42am
Posts: 22
Start a New Discussion

Discussions Rules and Guidelines