WeedHack Malware Infects Over 116,000 Minecraft Players Through Fake Mods and Cheats

 

Early this year, a large-scale campaign named WeedHack began spreading, tricking more than 116,000 Minecraft players worldwide. What looked like useful mods were not harmless add-ons but carriers for hidden malicious software. Victims often found these files through deceptive video guides or manipulated search results promising better performance. Once installed, the malware quietly pulled usernames, passwords, and crypto wallets from infected devices.

Though warnings have been issued, experts confirm the operation is still active and steadily expanding its reach. Over 116,000 devices now show signs of intrusion by WeedHack, according to McAfee, with between two thousand and three thousand new infections each day. The United States, Germany, India, and the United Kingdom account for most affected users. Analysis revealed a network built on over 240 malicious web links, and close to 3,820 distinct JAR files were tied directly to distribution efforts.

YouTube is the main channel through which users encounter these threats, alongside manipulated search results. Malicious links promoting counterfeit Minecraft mods are hidden in video descriptions or comment sections. Appearances deceive: some videos include polished narration and real-looking gameplay, and large view counts add to their apparent legitimacy and visibility among players seeking add-ons. Attackers also manipulate how search results appear.

When someone searches for legitimate software such as Meteor Client or Radium Client, fraudulent pages rise to the top. Because genuine mods are often hosted only on GitHub with no dedicated website, fraudsters fill that gap. Looking nearly identical to authentic sources, these imitation sites blur the line between safe and risky downloads.

Surprisingly, McAfee spotted a malicious website that displayed warnings about counterfeit Skytils downloads and also included links to the authentic GitHub and Discord sources. Even though the layout seemed reliable, visitors were handed malicious files without their knowledge and ended up running them, misled by the site's convincing appearance.

Unlike most infostealers, WeedHack runs in plain sight, offering its tools via a malware-for-hire model. Its openly accessible control panel gives access to compromised systems, and data taken from victims appears there, clear and sorted. From that interface, new malicious setup files can be built, targeting Minecraft builds 1.21.0 up to 1.21.10. Stolen details include Minecraft session tokens, saved browser passwords, and active cookies, as well as Discord, Steam, and Telegram logins.

Cryptocurrency wallet data is taken as well, and covert screenshots round out the basic features. A paid tier, priced at five dollars monthly or twenty-five dollars as a one-time payment, unlocks enhanced tools: remote desktop viewing, webcam control, continuous keystroke logging, control over the victim's command line, and remote file management.

Over eight hundred members are part of WeedHack's Telegram community, studies indicate. Though some seem underage, a number of them use its online interface to target others or access personal data. Most security specialists suggest downloading mods solely from verified platforms, checking URLs thoroughly, and avoiding any JARs hosted on untrustworthy domains. For lower-risk add-ons, Minecraft's built-in marketplace tends to be the safest path available.

Cybercriminals Exploit Law Enforcement Data Requests to Steal User Information

 

While most major data breaches result from software vulnerabilities, credit card theft, or phishing attacks, identity theft is increasingly being carried out through an intermediary that is not immediately apparent. Some of the biggest technology firms are knowingly handing over private information to what they believe are lawful authorities, only to find that identity thieves were masquerading as such.

Technology firms such as Apple, Google, and Meta are required by law to disclose limited information about their users to the relevant law enforcement agencies in certain situations, such as criminal investigations and emergencies that pose a threat to human life or national security. Such requests are usually channeled through formal systems and given high priority, since they are often urgent. All of these companies hold detailed information about their users, including location history, profiles, and device data, which is of critical use to law enforcement.

This process, however, has also been exploited by cybercriminals, who try to evade the safeguards around this data by mimicking law enforcement communications. One recent tactic is to acquire typosquatted domains or email addresses that are nearly identical to law enforcement or government domains, differing by only one character. These malicious parties then send sophisticated emails to companies' compliance or legal departments that look no different from genuine law enforcement emails.
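The one-character lookalike check implied above, as an added example that is not part of the original post: it compares a sender's domain against an allow-list of agency domains and flags anything within one edit. The `example.gov` domains and the sample addresses are constructed placeholders, and an exact match only says the domain is right, not that the request is valid.

```python
# Added example: flag sender domains one edit away from a known agency domain.
# TRUSTED_DOMAINS holds constructed placeholders, not real agency domains.
TRUSTED_DOMAINS = {"police.example.gov", "justice.example.gov"}


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("polcie" for "police") counts as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Lower-cased domain part of an address, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().rstrip(".").lower()


def classify_sender(address: str, trusted=TRUSTED_DOMAINS, max_edits: int = 1):
    """Return (verdict, matched_domain).

    'exact-match': domain is on the allow-list (the request itself is unverified).
    'lookalike':   domain is within max_edits of an allow-listed domain.
    'unknown':     domain is not close to anything on the allow-list.
    """
    domain = sender_domain(address)
    if domain in trusted:
        return ("exact-match", domain)
    for known in sorted(trusted):
        if osa_distance(domain, known) <= max_edits:
            return ("lookalike", known)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample senders.
    for sender in ("officer@police.example.gov", "officer@po1ice.example.gov",
                   "officer@polcie.example.gov", "someone@mail.example.org"):
        print(sender, classify_sender(sender))
```

A request sent from a compromised genuine mailbox returns `exact-match`, so the verdict feeds the review of a request rather than replacing it.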

In more sophisticated attacks, the perpetrators use business email compromise to break into the genuine email accounts of law enforcement or public service officials. Requests that arrive from genuine email addresses appear much more authentic, which in turn multiplies the chances of companies responding positively. Although this attack is more sophisticated, it is also more effective, since it appears to come from an authentic source. These malicious data requests can be framed as emergency disclosures, which can shorten the time available for verification.

Emergency requests exist to avert real harm that could occur immediately, but attackers exploit that urgency to convince companies to disclose information promptly. The disclosed information can then be used for identity theft, financial fraud, account takeover, or sale on dark markets. Despite these dangers, technology companies have taken some measures to ensure that their services are not abused. Most of the major companies now use law enforcement request portals, and requests are reviewed internally for validity, authority, and compliance with the law before any data is shared.

This has significantly decreased the number of cases of data abuse but has not eradicated the risk. As more criminals gain expertise in impersonation schemes that exploit trust-based systems, the situation also reflects a larger challenge for the tech industry. It is becoming increasingly difficult to balance lawful assistance to law-enforcement agencies with the need to safeguard users' privacy. Abuse of law-enforcement data request systems points to the importance of ensuring that sensitive information is not accessed by criminals.

Discord Data Breach Exposes User IDs Linked to Age Verification Appeals Amid Rising Privacy Concerns

 

Discord has confirmed that one of its third-party customer support providers experienced a security breach, resulting in the unauthorized access of some user data — including government-issued IDs.

The incident has reignited concerns about age verification laws across regions such as the UK, US, and the EU, where many users have turned to VPNs to avoid sharing sensitive information due to cybersecurity risks.

Cybersecurity experts have long warned that collecting personal data like government IDs is a “disaster waiting to happen,” arguing that platforms requiring such information for age checks are prime targets for hackers.

Discord’s case appears to support this warning. The company revealed that IDs accessed during the breach were submitted by users who had “appealed an age determination,” rather than those directly providing identification for verification.

The company explained that an “unauthorized party” infiltrated its third-party customer service system “to access user data, with a view to extort a financial ransom from Discord.”

The extent of compromised data varies by user, but may include:

  1. Name, Discord username, and email address
  2. Contact details and limited billing information
  3. IP address and correspondence with support agents
  4. Limited internal business data
  5. Government ID images

Discord clarified that credit card details, CCV codes, passwords, and chat messages were not affected. Users impacted by the breach will receive an official notification from noreply@discord.com, and those whose ID images were accessed will be explicitly informed.

After discovering the incident, Discord revoked the vendor’s access to its ticketing system, initiated an internal investigation, and alerted law enforcement. The platform also reviewed and strengthened its security and monitoring systems for third-party partners.

Discord has urged affected users to “stay alert when receiving messages or other communication that may seem suspicious.”

The breach underscores the potential privacy risks tied to age verification laws, as the compromise of ID information demonstrates how easily sensitive data can become vulnerable. Although the stolen IDs were not taken from a dedicated age verification provider, the situation highlights the inherent dangers of sharing personal data with third-party services.

Critics maintain that users should not have to submit personal documents to access online platforms. While the laws aim to protect minors from harmful online content, privacy advocates suggest more secure alternatives exist.

Laura Tyrylyte, a privacy advocate at NordVPN, stated that “device-level controls are the most effective way to manage children's internet access,” citing parental control tools as examples that allow parents to block certain apps, set age limits, and manage downloads.

The UK’s Online Safety Act, implemented in July 2025, mandated nationwide age verification, which led to a surge in VPN usage as users sought to bypass the restrictions. In the US, 24 states have already enacted similar laws, with more expected to follow soon.