RARI Foundation Discord server compromise: Official report
As you might know, on August 8, 2024 the RARI Foundation server was compromised. The breach was first noticed when suspicious messages were being posted to #announcements channel. We immediately notified the community and took measures to secure the server, including:
Revoking the compromised accounts' access and removing links
Working with the server owner on resetting and restoring access to server admins and mods
Temporarily locking the server from invites and DMs for 24 hours
Analysis conducted by the RARI Foundation team indicates that the breach may have occurred due to phishing, resulting in credential theft of a server admin (commonly known as token logging). Our server is now secure, and there are many learnings and improvements we have been working on since.
Mitigation and Remediation Actions
The following actions were implemented on August 9, 2024 to mitigate the impact and prevent future incidents:
Revamping role permissions and adjusting channel-specific permissions
Audit of current onboarding, deprecating old onboarding steps, then enhancing with native Discord features and additional automod keywords in usernames
Upped auto-moderating via YAG Bot with additional flags on scam-related keywords, detailed member logging, and additional filters that go against community guidelines
Protecting yourself
Additional security measures you can take include reviewing your account security settings and resetting passwords with 2FA (enable two-factor authentication).
We also recommend that you review the Discord Safety Center.
And of course, a reminder: never click on suspicious links!
Conclusion
RARI Foundation Discord Server compromise has been contained, and normal operations have resumed. However, continuous monitoring is in place to detect any further suspicious activities. Thank you for your patience and continued support during this time.