A message to our friends from Coex Snowhart

We thought our DMs were private. We were wrong.

If you know us from Faerie, you know me as Coex Snowhart and my boyfriend as Axel Ironclad. We love the social side of FFXIV: meeting new people, joking around, and just being part of the community. But two days ago, that trust was weaponized against us.

What happened to Alex Protect your account

Our Story

It started with a simple file from his sister.

Trust Weaponized

Trust Weaponized: Malware disguised as a normal file from family.

Token Stolen

Token Stolen: Malware scrapes Discord cookies directly from the browser.

Permanent Lockout

Permanent Lockout: Attacker adds 2FA, locking out the owner forever.

Two days ago, my boyfriend Alex (Axel Ironclad in game) got a message from his sister. They send files back and forth all the time: photos, memories, life updates. We are friendly, social people, and we try to be trustworthy, so when a family member sends a file, you don't think twice. He opened it.

That was the moment our privacy died.

The file was malware. Within seconds, it scraped every cookie and saved password from his browser and uploaded them to a hacker. Before he even realized what was happening, they had changed his email and Discord passwords.

We fought back. We recovered his email. But the hackers were faster. They added 2FA to his Discord account the moment they got in. Now, Axel is locked out of his own history, and Discord says they "can do nothing" once 2FA is added by an attacker.

Why this scares me

I have been in IT for 30 years, and I still missed this.

I do this for a living. I thought that as long as I was careful, our private lives would stay private. I love being easy to talk to and helping people where I can, but this incident has changed how I look at every interaction online.

But here is what really keeps me up at night: It wasn't even my account that was hacked. Yet, because Alex and I have been dating for years, years of my private messages, my photos, and my life stories are now in the hands of hackers. Our history is "forever" on Discord, and now that history belongs to a stranger.

I am writing this because I care about our friends and our FC. I don't want this to happen to you.

The Shared Reality

We are not alone. And that is the most frightening part.

When Alex started telling his friends what happened, the floodgates opened. We have personally talked to over 10 people in our own circles who have experienced this exact same scenario: a trusted contact sends a file, 2FA is added by the attacker, and Discord provides zero help.

The sentiment we hear over and over from the community and on Reddit is devastating: "Give up hope."

Many people told us that Discord never restored their accounts. They just had to walk away from years of history, communities, and digital identity because the platform they trusted offered no path back. This isn't just one "unlucky" event; it is a systemic failure that is happening to people every single day.

The Reality of Discord

Why you should be concerned.

Your trust is the target.

You wouldn't open a file from a stranger. But would you open one from your sister? Your partner? Your best friend? Attackers weaponize your relationships to bypass your common sense.

Privacy is a team effort.

You can be the most secure person on earth, but if your friends aren't, your data is still at risk. Every "private" photo or secret you've shared is only as safe as the person you sent it to.

History is forever.

Discord doesn't forget. Hackers now have access to Axel's contacts from years ago. They can impersonate him to people he hasn't spoken to in forever, spreading the malware further.

"Just trust me, bro."

Discord wants us to upload IDs and personal information for "age verification." Why should we trust them with our government IDs when they can't even protect our DMs or help us when we're hacked?

What you must do

Don't wait until it happens to you.

01

Treat DMs as Public

Never share anything on Discord you wouldn't want the public to see. Assume that one day, the person you are talking to will be compromised.

02

Verify Out of Band

If a friend sends you a file or a "check this out" link, text them or call them first. Trust the person, but never trust the account.

03

Enable 2FA *Now*

It won't stop session theft, but it prevents hackers from adding their 2FA first and locking you out forever. Don't leave that door open for them.

04

Purge Your History

Regularly delete sensitive messages and photos. If the data isn't there, it can't be stolen. Don't let Discord be a permanent record of your life.

The Evidence

Our struggle with Discord Support.

I'm sharing these logs so you can see how little Discord cares. Even with an IT professional providing clear evidence, we've been met with nothing but automation and silence.

Initial Discord support request.
My initial report: clear, technical, and urgent. I explained exactly how the hack happened.
Discord support generic response.
Discord's reply: A generic, automated message that didn't even address the 2FA lockout.
My follow-up reply.
My clarification: I pushed back, explaining that the owner didn't add the 2FA. Still no help.
Escalation message.
The "escalation": A polite way of saying they don't have the tools to help right now.
My final detailed reply.
Final details: I gave them every bit of forensic data I could. They have not replied since.

Final Word

This is about awareness, not money.

I'm not asking for anything other than your attention. We love Discord for our FFXIV community and our friends, but we have lost the trust we once had.

Please, tell your friends. Tell your family. Don't let your private life become someone else's property.