Unknown Users Cause Security Breach

Hackers in VRChat, picture by PhoenixVR.

While the Trust and Safety system may be working fine for the majority of VRChat, no one is safe outside of it, as it appears that users reported new problems caused by unknown individuals.

According to some people, they received links from phishing frauds, some of which were disguised as their friends on Discord. One of the very first public announcements in regards to this issue presented in popular community groups was published last Thursday on the “VRC Traders” Discord server.

“I'd like to warn everybody of something going around,” Ghoster said last week. “If one of your friends randomly sends you a Google Drive link, do not click it. It seems they have the ability to take control of your Discord account and spread the phishing scam. It has already affected at least one friend of mine, and some of them may send you a message with a convincing link, be careful out there.”

Later, on October 22nd, VRChat themselves made a public announcement. On behalf of the team, Tupper said, “You should always ensure that you are using unique, strong passwords for all online services, including VRChat. Don't ever open links sent from random users, and never open EXE/SCR files from anyone, even if you trust them.”

Also, Tupper told users to avoid using Unity packages, including VRChat SDKs, from sources they don’t know or trust, since the packages might contain codes developed with malicious intentions.

“Finally, do not enter your VRChat credentials into anything except the official app,” he continued in the announcement, ”our SDK (downloaded from our sites), or our official websites (vrchat.com, vrchat.net). Never enter your username/email and password anywhere else.”

Just as Tupper said, if you believe your account has been compromised, contact VRChat at moderation@vrchat.com and mention "Account Compromised" in the title of your email with all details of the incident.