Create articles from any YouTube video or use our API to get YouTube transcriptions
Start for freeIn the digital era where privacy is a commodity, a new concern emerges for Discord users. A zero-day exploit, selling for hundreds of dollars, claims the ability to reveal users' IP addresses using just their Discord IDs. This alarming revelation prompted an in-depth investigation into the exploit's legitimacy and its implications on user privacy. The journey to unravel this mystery sheds light on the dark corners of the internet, where two particular websites, 'Infos SEC' and 'Cord Killer', stand out for their dubious offerings. This article explores the findings of this investigation and the broader implications for Discord users and online privacy as a whole.
The Discovery of the Exploit
The initial discovery of the exploit sparked significant concern. The ability to obtain a user's IP address from their Discord user ID poses a serious privacy threat. The investigation began with a focus on 'Infos SEC', a site offering various dubious services, including the controversial Discord lookup feature. This feature purportedly allows individuals to find someone's IP by entering their Discord ID - a procedure disturbingly simplified by enabling developer options on Discord.
Further Exploration
However, the rabbit hole goes deeper with additional services like data leaks lookup and reverse domain lookup offered by the site. A concerning, yet non-existent, feature titled 'Discord termer' also highlighted the site's dubious nature. The financial barrier to accessing these services is steep, with a lifetime subscription priced at $700, falsely marketed as a 'security solution' rather than the privacy invasion tool it is.
Investigating 'Cord Killer'
The investigation then shifted to 'Cord Killer', another site offering similar services. Despite its lackluster presentation and questionable advertising tactics, it mirrored 'Infos SEC' in functionality, including the ability to launch DDoS attacks on IPs discovered through their system. Skepticism grew as more users reported their IPs being leaked, suggesting the exploit might be real.
A Deeper Dive into the Exploit's Origin
The turning point in the investigation came from an unexpected source: a Discord bot named 'Restore Cord'. It was discovered that joining certain servers requiring verification through 'Restore Cord' could potentially log users' IPs. This bot is widely used in various malicious Discord communities, leveraging permissions that Discord has yet to revoke, posing a significant risk to user privacy.
Unraveling the Connection
Further investigation revealed a potential link between the 'Restore Cord' bot and the websites selling the exploit. The original owner of 'Infos SEC' and an admin for the 'Restore Cord' Telegram group, Zetic, emerged as a key figure. This connection suggested that the leaked IP addresses might have originated from a 'Restore Cord' database breach.
The Culmination of the Investigation
The breakthrough came when evidence suggested that 'Infos SEC' accessed the 'Restore Cord' database without permission, leading to a reset of database credentials by 'Restore Cord's owner, Zenos. This action appeared to resolve the issue temporarily, but it raised questions about the extent of the breach and the security of user information.
Conclusion: A Call for Greater Security Measures
This investigation into the Discord zero-day exploit highlights the fragility of online privacy and the lengths to which individuals will go to exploit it. It serves as a stark reminder of the importance of cybersecurity vigilance and the need for platforms like Discord to address vulnerabilities promptly. Users are advised to exercise caution when granting permissions to bots and to stay informed about potential threats to their online privacy.
For a more detailed exploration of this investigation, watch the original video.
