Got a msg this morning say there has been a security breach in discord apps. Is this true? Credit card data etc is at risk. This was from scautura @everyone Sorry to everyone but important security related stuffs. Yesterday a known security vulnerability [CVE-2018-1000006] affecting Windows users of Electron based programs (like discord) was made public. Electron itself has been patched, and some apps based on it (e.g. skype, slack) have already been patched. AFAIK, Discord has not yet been patched, nor have they even admitted that they suffer from it. Scope of vulnerability: ***Windows (not linux or macOS)*** users who have installed the discord desktop app can click a crafted URL (perhaps obfuscated via e.g. tinyurl) which can cause download and execution of malicious code on their computer. Scope of damage: Malicious code could in turn read user data and encrypt it (wannacry style) or farm passwords/bank-details/credit-card or other personal data that is not encrypted at rest and send them to other parties. ***Defence: Do not click on any untrusted links. Do not allow webpages to open the discord desktop app.*** Fix: There is no fix at this time. Presumably discord will incorporate an updated client in time. Since this is electron based, any other electron app may also be affected. A list of all known electron-based apps are available here: https://electronjs.org/apps - note this is a list of all apps, not a list of vulnerable apps. Further info: https://electronjs.org/blog/protocol-handler-fixhttps://www.cyberscoop.com/electron-vulnerability-skype-slack/
According to this Reddit thread, no, Discord is not vulnerable: https://www.reddit.com/r/discordapp/comments/7sj9kw/discord_electronjs_vulnerability_dont_click_any/