Discord’s QR Code Scanning Being Used As Exploit, Discord Engineers Respond Instantly

Credit: DiscordApp via YouTube

Around mid-December, Discord launched new functionality that allows users to log into their Discord account by simply scanning a QR code.  The idea was simple, and in execution, it worked well; almost instantaneous log-in on your mobile device using a QR code that the desktop version would generate.  It allowed PC users to switch from static to mobile locations and also allowed groups of friends to alternate from a PC gaming session to console in a matter of seconds if they hadn’t logged into Discord from mobile before.

No good deed goes unpunished, however, and bad actors were quick to attempt to scam users out of their accounts.  Using the QR code while offering free Nitro, bad actors were giving themselves access to users’ accounts, and then locking them out.  It could be a permanent loss too, assuming that the legitimate user would change the password before the new user could run through the settings.

Discord has cemented itself with PC users as a fantastic medium of sending and receiving information from various channels and interests and has become a favored method for Twitch streamers to keep their community abreast of things while they’re not streaming.

From the official Terraria Discord channel where players can stay on top of suggestions, upcoming works, and memes, to up-and-coming singer/songwriter Sayanoe, to massive channels like Sideshow and Seagull, loss of your account may bring nothing more than frustration as you lose access to everything that you follow.

Discord Nitro is a subscription-based program that is perhaps best heralded as a way to support the international Discord servers, allowing the development team to keep working on new features and ensuring that groups that want to game together, stay together.  They do offer a few elements, or goodies, that come along with the subscription.


Subscribers get a custom Discord tag that they can choose and keep for as long as they’re subscribed.  Animated GIFs become usable for subscribers, part and parcel of the increased upload limit that subscribers receive along with global emoji usage.

Discord developers were quick to respond to the first surfaced reports of the scam, and a developer arrived on Reddit to quell concerns on the DiscordApp subreddit.  They’re looking at increasing the ‘friction’ in the feature, so that users who click on the QR prompt, even accidentally, have additional options to ensure that they keep their accounts.

The fundamental rule for the internet applies; if you don’t know what you’re clicking, don’t click it.  If you receive random QR codes, don’t scan them unless you understand what they are actually offering and who they are from.  If it seems shady, it is; that notion is infinitely stronger on the internet.