Malicious OAuth2 App

• General Summary
• History
• How It Works

General Summary

A malicious OAuth2 app can take your data such as your guilds, email, your connections (such as GitHub, YouTube, etc.). It can also make you join servers, without you knowing, whenever it wants.

History

OAuth2 Applications were added to Discord around June 2016. However there isn’t much information on how and when the scam was started.

How It Works

This is safe and can be used on anyone.

An OAuth app is used when inviting a Discord bot, so when you are adding a Discord bot a request is being sent to Discord and if there are other parameters and a redirect URI, a code (not your token!) is sent to the application requesting for the OAuth. Read more at the Discord Developer Portal.