Your Discord Messages Are For Sale (4 Billion of Them)
ฝัง
- เผยแพร่เมื่อ 5 ก.ค. 2024
- Get 20% off DeleteMe US consumer plans when you go to joindeleteme.com/seytonic and use promo code SEYTONIC at checkout.
DeleteMe International Plans: international.joindeleteme.com/
0:00 Intro
0:15 Discord Messages for Sale
4:22 DeleteMe (sponsored)
5:09 Telegram Vulnerability
8:00 iMessage Exploit
===============================================
My Website: www.seytonic.com/
Follow me on TWTR: / seytonic
Follow me on INSTA: / jhonti
=============================================== - บันเทิง
Oh, how great.
So, an army of bots was used to join servers, request through every message and digest them to a ready-to-sell format... Honestly, I thought this would happen sooner...
The 🇪🇺 European union will decend on them once they hear about this
@@IdontKnowAtAlllol oh no, not the strongly worded letter to ask them to stop!
It already happened once, that site got sued to oblivion by discord.
It did happen sooner, just way fewer people knew about it. Also not counting the times armies of bots joined servers just to check what users were in those servers
@@IdontKnowAtAlllol Read on the eIDAS legislation, unless you want the "almighty" EU to legally force browsers to include government root certificates and spy on everybody, just the way facebook did with their VPN. The EU isn't as good as people make it up to be.
"currently remains anonymous" you hear that unknown, you're "unknown" 😊
they better not leak the "src" of the site 😊
@@claytontdm omg, lmaoooo
yeah 😂
As a quick note for anyone curious. The youtuber No Text To Speech has gone over the situation and other accounts likely owned by the same user.
Soon on the market: "data for training A.I. algorithms. No copyright, we totally didn't steal it"
imagine training AI on 9 years old discord users AND (not calling 9 years this) .. so, and cancer discord users
@@AEGISAOE I have the same thing with only 800 servers and it's shit data. 300 million messages and a few million users and complete and utter shit data. A waste of time really unless you want your bot talking like someone in the roblox server lmao This is the last thing anyone should be worried about because Discord won't be able to fix it. Only take them down. Just treat Discord like a townhall unless in DM with a friend
@@zr9757 are those huge streamer servers where people talk all the time and chat never stops. ik its also botted, because they dont reply to dms or reply to my messages
I tried to purchase credits yesterday and I still have zero credits :D Wouldn't be surprised if the owner gotten scared after seeing NTTS's exposing video and going to disappear soon.
Edit: I received the credits after 19 hours and 2 emails
yeah, Seytonic just didn't do his research when he said "it's not clear who runs the site"
@@sehnyu1652in his defence ntts's video wasn't up until today and it's also more of a media focus then mega dangerous thing. He also makes videos with a lot larger range then ntts
I don't think it's smart using your credit/debit card on that website
@@pr3cious193 I don't think it's smart to comment on topics you have no idea about. Even if I wanted to, I couldn't put my card infos there because they only accept crypto....
@@pr3cious193 didn't seytonic say that payment there is crypto only?
I mean... yea, Public servers are public and everyone can read the Messages and copy that data. This is interesting to know, but not at all a suprising...
The scale of 4 billion messages is impressive and more than I would have expected.
well, that's actually true, they are public , so, should not be problem. only problem appears when someone makes profit. people dont like others making money
@@AEGISAOEtrue public servers are public servers i think the issue appears when you cant remove your details from the website (if watched NTTS video or visited the website recently you will know that you still cant no matter what has changed on the website) as well as the multi server tracking since public message loggers using vencord etc are a thing but being able to view most or all servers a user is in can be a issue.
discord even has a search function albeit a bit s**ty
@@williamisl6612 you know how websites work? there is a frontend (what we see in browser) and a backend (code, database and so). Removing your personal details from website won't do much, because who has the data can rehost..
Now can we talk about how the guy who founded Discord (Jason Citron) sold the personal data of every user of his previous platform to a Chinese data scrapping company?
im sorry but we cant we just dont feel like it sorry
Yup.
"it's not clear who runs the site"
ntts: boi I got news for ya
They already were up for sale, Tencent (partly owned by CCP) owns a 38% share in discord
Source of it being up for sale?
@@prieadieu he means that we already sold our shit to china
that doesnt mean anything lmfao, even if they want to sell the info thats on discord they dont have their hands on the server they just make business decisions
@@prieadieuI made it up for dramatic effect
@@idkfpv6435 Source: "I made it the fuck up"
If a cyber criminal is using telegram for chat, they're probably not a good cyber criminal.
What's a good platform 🤔
@@iabakarnone of them
obviously!
@@iabakar matrix obviously lol
Which one is best
Okay, so it's just public servers. It's on you for posting sensitive stuff to a public forum in the first place.
anyone can submit links to the website, including private servers.
Yeah no. It's more than just public servers lol
@@BR-ty3hx It's not. They got these messages by making a bunch of bots and sending them to different servers then scraping the messages in said servers, thus dms are unaffected (as stated in the video) because there's no way of seeing dms between people unless one of the users are hacked.
@GhOs7-Operator There's a difference between accidentally leaving something in a public place and deliberately thinking "Yup, this is a message that I think is suited for a public server with 1k members that can be joined by anyone at any time who can search for my messages".
I don't use public forums, but Discord taught me they can't be trusted. Worse, Discord has idiots victim-blaming their users on their behalf.
I think there's a problem with Discord often being used as an alternative to a website for hosting content and information, which can't be indexed and found via internet search engines. I think if instead of selling the data it was rehosted in an indexable website format that could be a useful resource for everyone.
I hate this trash and I wish it would be indexable by search engines
That's the point for a lot of people, can't search for It, can be linked to regardless if ever needed. For real web hosting meant to be seen, use an online gallery meant for It.
I discovered a few days ago that my password is only worth 4 dollars on the dark web. Discord messages only sell for 10 cents is crazy cheap. Our privacy is worthless nowadays. Hackers and scammers rule the world.
riiight.. and not politicians and their master from shadows? riight...
@@user-td8ng4dn1r It's a turn of phrase you dip
@@user-td8ng4dn1r Politicians are scammers you good for nothing commenter... Stealing tax payers' money. If you trying to be smart then at least do it better
@@user-td8ng4dn1r false, it is I whole rule the world
@@gideon5942 yessssssssssssssss
_Mental Outlaw is going to have a field day in his upcoming video with that news_ !
Ah, so that's what (some of) those mysteriously quiet bot accounts track.
They randomly join large servers but do absolutely nothing visible in there, blending in the member list when not watching new joins.
The servers I've helped out in or own have various verification approaches that nullifies these bots their tracking.
This either by exploiting them automatically selecting the first option of all roles or verifying manually after some back-and-forth.
Good to have confirmed that this is an effective effort and worth keeping up with.
2:36 There is a opt-out button now instead of the "request removal" button. This redirects you to a blog post where it says you can send an email to them to opt out if you are within the EU (GDPR). There is also a section for people not in the EU, but that one sounds more like "maaaaybe" we are going to opt you out.
Edit: Some people say this is probably just a scam. And regardless, better don't put your real name there. (Theres also a good NoTextToSpeech video about this)
I wouldn't be surprised if he keeps the data fully intact but is then able to bolt on the additional information you've just given him to the existing data he has.
It's a one person operation - i highly doubt he'll take GDPR requests seriously.
It's just another reminder to be careful about what you put on the internet.
well looks like I'm screwed if my discord messages are getting leaked 😂
well tbh if you're posting on a public server you should know its "public"
it's only for public servers so if you put personal info into a public server that's your fault
That's not how that works. Nobody expected people to scrape the entirety of any discord server they were in.
They are not only for public servers there was a link to request ADDING to a server, meaning all you need is to send an invite link to the owner of the site, and specifically targeted LGBTQ, politics and other servers.
@@r8gg what you said makes quite literally 0 sense. It targets public servers
@@r8gg idk bro if it is possible to join a server with a link its as good as a public server - all you need is a zoom meeting password or a google meet code to join
lmao. many years ago i was telling people to not put details on discord that could come back on them, people with large bitcoin wallets etc. what i said, is every so often i hear about some person getting violently assaulted in their house and there is a pattern to who. not that my warning was listened to.
For the discord one I would recommend: NO TEXT TO SPEAK Which explains everything in a more detailed way, Something you shouldn't really cared about.Because it's public information not private information, plus uncovers the person who is behind it
@GhOs7-Operator nonsense analogy - you haven't lost anything by someone reading your messages in a public forum any more than you have lost something by me reading your reply. I have just copied your whole comment here on YT and I will be saving it on my server - am I breaking into your house?
A better analogy would be "if I said something in a crowded place and you heard me say it, can you use that information". While we can sit here and argue whether it is ethical to do it, this doesn't change the fact you shouldn't say private and sensitive things in public or if you do - you should expect that someone might have heard them.
Alright who in hell will want to pay for the privilege of seeing fire emojis and nonsensical stuff sent by another user that's not you?
In other news, water is wet.
Best cyber news channel.
Your great at putting it into easy and understandable terms. 🎉🎉😊
"it's not clear who owns the site" * ntts walks in*
Owner got spooked by notexttospeech's video xD
Today is a good day 😊 thanks for the upload 😊
This isnt problem. Irc and archives of its channels was very important with good search. I see this only beneficial for all.
Okay, you have to give it to them, that "Request Removal" button is hillarious.
It is their key flaw. If anything screams "sue me because I'm a scammer" it is that link.
Ntts did a great video about this website
ohh noooo, my public messages are public oh nooooooooo what ever am i gonna dooooo
yall didn't see this comming years ago? lmao
Regarding the Telegram exploit, I think they should do it the other way around: instead of having a list of “unsafe” file formats that are blocked, maybe they should just have a list of “safe” file formats and block everything else. That would be future-proof in case new file formats appear.
Well that's great...
So you are telling me the Telegram Desktop client just executes whatever attachment you have... I feel like if the Python attachment vulnerability is fixed soon a new one will be discovered soon, just find an extension not in the list that people might have installed and bundle some arbitrary code in it! Also if this is targeted to someone you know it might be even easier since you know the programs installed...
EDIT: Just think about all the legacy extensions that still work.. I feel like this could be full of vulnerabilities
I visited the site today, you can apparently actually request data removal now
I checked a server with 456k members
No info on it lol, I also checked mine, and a few others with less than 10k members none came back with anything.
Also this isn't the first time something like this has happened, few years back same idea but they seemed to be far more advanced (in the sense it knew of 15+ servers I was in) along with testing it on friends some of which listed them in 40+ servers.
Corrections for spy pet:
- The screenshot you see on the home page isn't really showing messages of any random user but for some prominent people in Discord datamining and scambaiting community
- It is known who is behind the site, it's the user named "Unknown"
- Request removal now actually leads to some other page with supposed methods of requesting data removal, but it's doubtful that it's true
Watch the recent video by No Text To Speech about this topic for a better explanation
you could always just create an exe, use uni ext spoofing, embed picture into file as a resource and have the exe launch the picture during execution while also launching shellcode. not the same thing but wtv
The "opt out" page now works.
it's over boys
We really should transition to whitelisting accepted file extentions, possibly with a selection menu in settings...
Blacklists are a recipe for overlooking important things...
You would think when your blacklist is beginning looking like a paragraph entry you would start thinking of using more efficient and safer methods
I like how they just made up the 0.01% number, thinking only 0.01% of Telegram users (probably not normies) have Python installed is absolutely wild
Maybe watch the video from NoTextToSpeech. He uncovered the user behind that page
he just found his other profiles
love seeing these pop in my recommended has got to be my favorite channel no lie
imagine they have all messages about the leaked military documents on discord servers like war thunder and so on even DCS world
military is a joke, just some dudes who sacrifice their life for a illusion and not playing fornite
What about all those free bots that we can add to our private servers with our friends? Since they are given permissions to read messages, who is to say that they have been selling data to 3rd parties? Of course this is all speculation and I don't have any data to support this claim. It's a scary thought that occurred to me after watching this video.
spy pet seems to have changed their opt out sote
It's actually pretty smart.
You know you cant use link markdown in closed captions... right?
2:57 its not clear who runs the site
no text to speech: i got u homie
do they sell infos from dms as well or just servers???
A lot of elephant and castle map snapshots in these videos...
Discord has a long history of issues, I don't understand why more people don't avoid it.
full of peter files as well. I'm glad their messages are searchable now, might help make some arrests.
@@artifactingreality Too bad the real use of this website was for harassment of people in (quote by unknownsrc, the owner of that website) "LGBTBBQ servers", political servers and all that.
Also it won't help with anything because you still have to comb thru billions of messages, without the consent of millions of users, out of a data pool that's barely a fraction of all that is on Discord. Not to mention most of those bad actors do their deed in direct messages, that aren't affected.
@@prieadieu well fair enough.
are usually either kids who look for chat or streamers who do voice chat
@@prieadieu as long they dont use personal irl information on their discord account, nobody can't hurt them (talking about lgbt and so)
Every year a new iMessage vulnerability..
oh no my ets2 screenshots what ever will i do if they get out
Finally time to be the no.1 gamer word user 🙏
@Seytonic btw with the Discord thing NoTextToSpeech said everything and who the person is by the way.
Happy 420
lots of discord bots like the music ones had the rules to read messages by default ....
What's a Discord bot which can't read messages gonna do? Talk to itself?
I LOVE that discord "leaked" 😆😆so dumb the idea that these things could be public and private at the same time -- literally just copied what was public already and put an interface on it -- this should be 100% legal if it isnt already
So happy I deleted all my messages last year
How can u scrape a private secure server?
Do u mean public messages?
Jokes on them I already have access to my messages
Seytonic watching NTTS confirmed :)
If he did he wouldn't have said the person behind the site is anonymous
yeah
@@Maxikinzthe videos were posted within 24 hours of each other, there's a good chance NTTS's video wasn't up while Seytonic was writing and recording his script. Video production takes a good bit of time, even for simple stuff like this.
I guess noone saw the smiley at the end of my comment. Yes, they could have both bumped into the same thing, or what I just said, but this was merely a joke.
@@Jono997 exactly, breaking news and events get covered in parallel... the content you consume first, might not technically been the first to 'print' but does that matter?
I bought the minimum amount of credits to check my own messages, thank god there was none for mine
does it show private dm also or only server message
its all over bros
if you don't own the server it's illegal to sell user data, but Google? reddit?
1:54 bruh leornado AI
Damn that's worrying, but from my understanding it's scraping off public servers, so as long as you disabled the embed / public invite link then you're pretty much good? And if you don't want to disable that then your messages are pretty much out in the open for anyone anyways
Not necessarily.
They are not only for public servers there was a link to request ADDING to a server, meaning all you need is to send an invite link to the owner of the site, and the owner specifically targeted / requested links to LGBTQ, politics and other servers.
The bot would join, and provided the server didn't have anti-bot detection or something like that it would scrape all the known messages so even if it got banned you were f*cked
@@r8gg bot like user bot, right? i saw my server there, but had 0 messages and they only imported 50 of my 300 emoji. imagine THAT
The telegram response shows, why you cannot trust ANY company, no matter what they say when there are big things at stake, especially your privacy and security. Just because they haven't found the zero day (DUH, the name's ZERO DAY "zero days since discovery" for a reason... ) I laughed when they literally dismissed the claim with "we haven't found the zero day vulnerability, so it does not exist". You cannot make that ish up.
??? Why is telegram using a blacklist for harmful file extensions you are supposed to use a Whitelist so that all of them are blocked by default. Trying this via a blacklist is a losing battle
They changed it on spy pet that you can now opt out.
It's just a publicity stunt. DO NOT SEND YOUR PERSONAL INFORMATION TO THE EMAIL. Watch NTTS's video on this he strongly discourages doing so as the guy will likely just use it to attack you.
It's probably still just a cover up so that they don't get taken down. There may be a takedown request page, but there isn't any actual enforcement.
if that "0.01% of our users have python installed" thing was true, then I'm questioning how they know that, and if it's false I'm questioning why they'd lie about that
So it's not good either way
Ankh-Morpork Thieves' Guild approves
this looks like big GDPR issue
btw, the person behind the discord thing doesn't have very good opsec, and we kinda know who they are.
No Text To Speech made a video on it.
Just a small correction, people do know who runs the site. He has already been doxxed, the most I can say is he is based in the EU
Ok
he not anonymus if you see ntts video about the site
damn, if i only knew i could sell my hateful messages...
selling hateful and racial messages rn
@@gideon5942 no, i gave them for free, you could print it on a shirt and make money off of it, that is how generous i am.
free hate for all
@@gideon5942 and why is it racist ?
@@PhinkTink why give them for free when they you can get paid hating 🙏🙏🙏
Ah, thought the gc was leaked
Great Video :)
Yeah I’m sure you know all about it since apparently you watched a 10 minute video in 1 minute lol
@@zabrid9143It's a Seytonic video, don't need to watch it to know it's a great video.
Yeah, You cant? Skill Issue!!
is not something new, the discord thing is since 2018-2019
Meh, my truly devious messages only appear in DMs, so I'm all good
As far as you know..
Leaks happen all the time. Most of the time it isn't even public.
I deleted my discord account 2 days ago when I couldn't use it unless I agreed to the latest TOS. I ended up having to agree just so I could access the delete function. :(
bruh they are savages lol
for future reference it's still possible to email Discord to delete your own account w/o needing access w/in the app, assuming you use the same email your account is under to contact them.
failing that, if you don't use the account for two years they'll pretty soon after schedule it's deletion.
>imagine not using Signal
The online identity not real of the owner of the site has been exposed by ntts
Considering Discord is part-owned by Tencent, all your messages are up for grabs anyway.
Is this a surprice? Discord is public. I'm not saying this is ok but i'm saying that some people get too confident and forget the messages are public and NOT secured.
Also whats with cyber-crims use anime profile pictures
Thank goodness that I am not a discord degenerate and use discord 24/7 lol
Sorry for those discord degenerates that were offended lol
holdup.. giving an autib data broker company all your data..
Can anyone get on the site? I'm getting a 403.
Wait this isn't ntts
How my life is less dramatic without all these crypto and stuff. Is the govt spying on me? Most likely. Am I to be afraid of something in this regard? Mostly unlikely. And my suspicious mind got a thought today when watching about firefox being open source, wondering: can it be compromised by an attack similar to the XZ that was recently prevented in its course?
i thought this was ntts video before clicking
hackers finding out my n word spams
Its a little bleh that this tool has finally come out. We knew something like this was a matter of time. At least pentesters will have a new OSINT tool in their belt...
what u talking about? those are since forever, just nobody didnt made vids of them
@@AEGISAOE I have never seen a discord one like this. Of course theres a load of OSINT tools out there, the only one close to this that I have seen is one specifically pulling from well known racist/nazi groups on discord. Never saw one that pulled this many messages from this many public servers.
4 billion isn’t a lot…
This is interesting though: Data brokers are pretty much illegal in EU, so they legally cannot trade data of EU citizens. GDPR is very much clear in this case, your data should be safe according to laws.
HAHAH! Man, I'm not sure if you are joking, but if you are, you got me good!
You think cybercriminals care about GDPR? Ive had big established companies not care about it boy 😂
wanna throw in a seizure warning
My Discord messages are impossible to hack... Because I have none 😢😂😂😂😂
When are the Capitalists going to learn that Community Bulletin Boards are NOT a profitable venture?