Hello Anvilites! On April 10th, an administrator account of our Discord server was compromised, resulting in the deletion of most of our Discord server. Fortunately, we have an amazing team of moderators and admins, and we got back on track really quick. The Discord is now safe again (join here!), and here’s everything you need to know about what happened!
Before anything else, the issue was contained within the Discord server. World Anvil itself was not compromised and all of your data is safe.
For members of the Discord server:
During this event, a link with a virus file (with the .bat file extension) was distributed among Discord users. If you clicked on the link, even if you didn’t download anything, follow these steps:
- Log out from Discord from all locations (look for the “Devices” section in your Discord account settings).
- Unlink your Discord account from all apps, bots, and webhooks.
- Use the Malwarebytes antivirus software to delete the bat file and scan your device for viruses.
- Change your Discord password.
We recommend enabling 2-factor authentication on your Discord account as a security precaution, especially if you moderate any servers.
What happened?
On April 10th, at 6pm Eastern Time (2am UK time), a Discord account with administrator permissions was compromised. This resulted in most channels being deleted and a link containing virus being sent to members of the Discord server. The moderation team was immediately alerted by several of our users and a few minutes later we secured the compromised account. Half an hour later, we began the process of restoring the deleted channels again, while taking preventive measures and figuring out how that happened in parallel.
Everyone with an admin role in our server has 2-factor authentication enabled. After investigating, we believe that a bad actor found a webhook pertaining to a bot that was deprecated but still connected to the admin account. Through this webhook, they gained admin access to the server. We have now disconnected this webhook and will closely monitor any third-party bots in the future to avoid similar situations in the future.
What’s next?
The Discord is safe again! If you left, you’re welcome to join again. If you weren’t in the server before, you’re also welcome! Click here to join the Discord server.
While most of the lost channels have been re-created, some are still missing. In the coming days, we’ll be working to re-build the rest of the server as it was before. Keep an eye on the server #announcements channel for updates on this. As always, don’t hesitate to ping or DM the Discord moderators if you have any questions or issues regarding the server.
A massive thank you to the volunteer moderators and the Team members who helped resolve this situation so quickly. We’re very grateful to them—and to you!—for keeping this community as a beacon of positivity, creativity, and joy.
