←back to thread

Discord Is Threatening to Shutdown BotGhost

(update.botghost.com)
139 points exists | 1 comments | 23 Jun 25 20:16 UTC | HN request time: 0s | source
Show context
nxrabl ◴[23 Jun 25 22:32 UTC] No.44360872[source]
> A recent security breach on our platform brought BotGhost to Discord’s attention.

The breach in question is documented here: https://youtube.com/watch?v=lUiLBBab1RY

I don’t think there’s a text write-up, but tl;dw a combination of missing input sanitization and no-code UI trickery made it possible to leak other users’ bot tokens, and despite patching the exploit pretty quickly on exposure, BotGhost’s developer tried to cover it up and refused to reset potentially affected tokens.

replies(3): >>44360911 #>>44364446 #>>44367952 #
1. operator-name ◴[24 Jun 25 09:54 UTC] No.44364446[source]
The video is linked in the article, amongst the response, timeline and further fixed exploits.

But it is correct that the article does not reiterate the technical details of the exploit.