Twice in the last 3 days, Discord has auto-disabled my account, claiming "suspicious activity", saying "your account may have been compromised."

I attempt to open Ripcord, and my login token is rejected. I check my email, and I have a notification from Discord, telling me my account is disabled until I reset the password. I have reset it twice now, with increasingly difficult passwords, and I await the inevitable reset sure to come.

I haven't had this problem for the last 2+ years, it has only started recently. The only nonstandard use I can imagine for my account or my token is through Ripcord, which I far prefer to the bloated Discord app. I suspect they may be flagging that activity, in true "No Third Party Client Allowed" fashion, but I can find no way to avoid it.

Same here, this began two days ago for me and I now get about 24 hours out of a token at a time before having to reset my password again.

Same. It's very annoying. I don't know what to do about it.

Obviously, I haven't changed anything in Ripcord. This is something Discord has decided to do.

I confirm this. Twice in last several days I was asked to reset my password. It's very annoying.

Looks like these data grabbing suits from Discord are trying to finally kill your application @cancel

Damn. Maybe you need to try to mask your app as official client so that new detection won't work.

I've run into this issue as well, my account was first disabled Sep 3, 2021 at 12:19 PM PDT

For folks that encounter this problem --

After discord forces you to change your password, you can actually change it right back to what it was (or bounce back and forth between two passwords each time this happens). It doesn't appear to check for old passwords, so you don't have to keep making more and more complex ones or anything like that.

This seems far more likely to happen if you have Discord open in a web browser at the same time, i.e. to mess with discord settings, at least in my limited experience. Maybe the 'suspicious activity' is a rate limit of some kind?

Yeah Got The Same Issue Today .

I'm pretty sure this is just a problem with newer anti-spam/anti-hijack heuristics on Discord's end being tripped unintentionally. I'm going to wait a bit and see if they tweak it on their end, and if not, I'll try making some changes to Ripcord.

Anyone tried enabling 2FA as the email says? I did and will report back if it makes any difference.

I have not enabled 2FA, but they did disable my account again as expected.

I would suffer 2FA if it meant they leave my account alone while using my token for legit 3rd party software. I'll wait to see what Tatsh's experience is.

Otherwise, their app is so bad, that I will simply keep resetting it every day if that is what is required.

I have 2FA, it doesn't fix it.

I do think it tends to trigger when running it in a browser window simultaneously with Ripcord, but I'm not certain.

maybe a combination of using the OG client ( which is a web app ) and Ripcord can trigger it. Just got hit by this, I'll try using only Ripcord and see if that helps

Please, upvote implementing threads! only reason I have to use the OG client.

I am not using web client and it still forces me to change password. I am only using Ripcord on desktop and android app on phone.

It doesn't matter what you do. Even with 2FA just got another account disabled message.

After changing my password yesterday, I tried leaving the official client and ripcord both running continuously, but my token still got disabled.

As most of you, my discord account gets disabled almost every day since ± a week.

However, after having my account disabled yesterday, I did not launch ripcord again for a full 24 hours, and my account got disabled again tonight. So there is something else going on..

(I used discord web on 2 different computers + discord app on my android phone (which may be outdated) between the two "bans")

I guess the question is, what is Ripcord doing differently that'd be detectable or otherwise trigger this?

If anything I'd have thought it was doing less than the regular client, but perhaps that's an issue, too? Many web-based spam filters view lacking certain headers or not making requests in a particular sequence (i.e. going straight for a submission endpoint) as a sign of bot access.

Also, is it possible that the warnings are legitimate? That is, might someone have determined a way to compromise the tokens of Ripcord users - say, by finding a way to post a file or send a chat request that results in authorization token being leaked, and then be using them? To be clear, I doubt this is the most likely explanation - it just struck me as worth considering.

If it can help, some of my account disabling happened right when I did this from ripcord: - sent a friend request - sent a private message (not everytime ofc but it happened to me twice after sending a private message to a new person each time)

There might be several issues triggering account disabling, some not even related to ripcord (had my account disabled again without even using ripcord, which rules out token leakage (for this time) too since I didn't extract my token this time).

I don't think anyone is compromising accounts via Ripcord. I believe the forced password resets are in error.

I haven't had any reports of forced password resets in the last 48 hours, so maybe Discord has fixed their issue.

FWIW my account has not been disabled in 4 days, of using the app on the phone, as well as Ripcord on my PC.

Since the e-mails were about account compromise, I decided to write Discord to ask them to stop locking me out, that I have MFA enabled, etc etc. After several rounds of hemming and hawing they've abruptly changed from "can you send me a screenshot of the issue" to, and I quote:

"Third-party clients (like BetterDiscord/Ripcord), self-botting, or other abuse of our API are considered violations of our Terms of Service. We do not recommend engaging in any of these behaviors."

I really don't want my Discord account banned, and have discontinued using Ripcord for the time being, which has left me feeling a little sore about having paid to register, but I guess that's how it goes.

To clarify, as I notice I drifted from the point I originally meant to make - the above is to say, "They definitely know they're hitting Ripcord users."

It's a bit odd they would say that, since Discord's terms of service doesn't even mention third party clients. Read it yourself if you don't believe me. Maybe they're confused and they believe Ripcord is a mod of the web client?

Closing because the problem went away after Discord fixed something (I have no idea what.) If it comes back, I'll reopen it.