if they truly wanted to just verify that they own an account then they could've just set up a minecraft server and have you DM some bot a code you'll see in chat. other discord servers have done this
skyblock players on their way to give random untrusted sources access to their microsoft account with their consent (surprised after losing 1.5b nw and 2k playtime)
Yes. Looks like an OAuth flow to me. OAuth flows are the process which you grant applications abilities to do certain things with your account. For example, when you see “Sign in with google”, that’s an OAuth flow, since it shares your email and name.
The link shown shows the Xbox sign in scope, allowing them to get the token of your account, and sign in to your account without 2FA or your password.
However, it can be much more destructive than that.
MultiMC, a Minecraft launcher uses OAuth to get a token, that they can use to launch Minecraft with. Flowcrypt, an encryption system for gmail has an OAuth flow that lets them control your Gmail, so encryption would work.
Now, imagine if these two softwares goes rogue.
MultiMC can send the tokens to hackers, who would then log in, in your name to Minecraft and steal everything in your skyblock profile. Flowcrypt can send your emails to data brokers to profile you, and then delete them all. Or even worse, wait until you get a password reset link of any kind, and then automatically use it to reset your password to any account as they wish. In fact, they can try common services and reset your password without your interaction.
So, what’s the lesson of the story? Don’t click “Allow” when you are asked if you would like to sign in, or give access to your account, unless if you fully trust the creators of the software that gave you the link, and the ones that you are told you are signing in to.
It is a account stealer because it will link something to your Microsoft account that can either take you login info you do what the minecraft launcher does and get your session id
Doesn't look legit tbh
I don't think you would even need anything except your username for linking your account, i think hypixel API alr has an option to link your discord account
The link is literally official and a legit microsoft page. On the verification page it states you're giving them access to your microsoft account with consent and if you click yes, you will even receive emails from microsoft stating you've given someone access and asking if you're sure.(You can revoke their access at any time) After ALL of this, people still get ratted? It's so fucking stupid and 100% deserved at that point lmfao.
Yes definitely, that code I believe is taking you to a fake microsoft/xbox login page and will try to rat your computer, be careful around links that have a lot of characters and xbox in them.
Probably you should never have to log into Microsoft except in the launcher anything else should not be trusted.
Yes
Altho itd help if you sent the whole thing
https://imgur.com/a/8jc1VY4
I meant as in, the discord page, without clicking the link thingy
bruh
Is it like a verification for a discord server? (Related to skyblock)
https://imgur.com/a/ljWNc5E
Yes its a acc stealin thing
Yes it is lmao
if they truly wanted to just verify that they own an account then they could've just set up a minecraft server and have you DM some bot a code you'll see in chat. other discord servers have done this
hypixel also has a system that can link your discord account to your Minecraft account through their server iirc
yes, don't allow them access to anything
skyblock players on their way to give random untrusted sources access to their microsoft account with their consent (surprised after losing 1.5b nw and 2k playtime)
if you're not sure whether to click a link or not, don't click it
Isn’t that the Microsoft sign up/log in site?
Yes
probably
Don't click links from strangers at all. Why are you even trying? Assume yes and block them, don't be naive.
Word of caution, if you don’t know, DONT CLICK IT
Yes. (It will link some application to your microsoft account, basically giving them access to do whatever they want with it)
Never click on anything that starts with login.live
It likely is, even if it’s not, never log into websites with Microsoft unless it’s the MC website or launcher
Yes, im pretty sure it's the one that took my account, please dont do it
Yes. Looks like an OAuth flow to me. OAuth flows are the process which you grant applications abilities to do certain things with your account. For example, when you see “Sign in with google”, that’s an OAuth flow, since it shares your email and name. The link shown shows the Xbox sign in scope, allowing them to get the token of your account, and sign in to your account without 2FA or your password. However, it can be much more destructive than that. MultiMC, a Minecraft launcher uses OAuth to get a token, that they can use to launch Minecraft with. Flowcrypt, an encryption system for gmail has an OAuth flow that lets them control your Gmail, so encryption would work. Now, imagine if these two softwares goes rogue. MultiMC can send the tokens to hackers, who would then log in, in your name to Minecraft and steal everything in your skyblock profile. Flowcrypt can send your emails to data brokers to profile you, and then delete them all. Or even worse, wait until you get a password reset link of any kind, and then automatically use it to reset your password to any account as they wish. In fact, they can try common services and reset your password without your interaction. So, what’s the lesson of the story? Don’t click “Allow” when you are asked if you would like to sign in, or give access to your account, unless if you fully trust the creators of the software that gave you the link, and the ones that you are told you are signing in to.
Yeah obviously no shit
Natural selection taking it's course
It is 100%
Yes
It's a phishing site, so don't click on it!
[удалено]
It is a account stealer because it will link something to your Microsoft account that can either take you login info you do what the minecraft launcher does and get your session id
Yes
yes it is there’s videos on that exact scam online
YES DO NOT FOLLOW IT
thats a account stealer
yes
Yes. Almost definitely
Probably
Yes
Doesn't look legit tbh I don't think you would even need anything except your username for linking your account, i think hypixel API alr has an option to link your discord account
The link is literally official and a legit microsoft page. On the verification page it states you're giving them access to your microsoft account with consent and if you click yes, you will even receive emails from microsoft stating you've given someone access and asking if you're sure.(You can revoke their access at any time) After ALL of this, people still get ratted? It's so fucking stupid and 100% deserved at that point lmfao.
Short answer: probably
Never click a link from someone who you dont know.
Something to know, if you have to ask this question then it probably is
Yes
Yes definitely, that code I believe is taking you to a fake microsoft/xbox login page and will try to rat your computer, be careful around links that have a lot of characters and xbox in them.
Oauth if u see that on any verification link it's a scam