The itch.io site is used in latest Discord Phishing

A topic by aliofonzy created Jul 30, 2021 Views: 2,090 Replies: 6

Helping someone spread the word of how they found themselves in a phishing incident, and the phisher used this site to distribute (screenshot shows where the user got phished and it started sending out said link to people. The phisher deleted their message, but you can clearly see in the convo that the person tried to get the other to play a game and it worked).

This is an insult to game developers and can only hurt those wanting to help playtest now that this occurred, and the fact that Discord has yet to fix the phishing rampage is ridiculous. LINK TO THE DANGEROUS IO PAGE IS IN SCREENSHOT ON TWITTER POST!

Link on Twitter: https://twitter.com/Samsterpiece2/status/1421172175453790210?s=20

Link on Reddit (with more detail and backstory provided):
https://www.reddit.com/r/discordapp/comments/ouo5wx/what_the_lack_of_security_in_discord_is_causing/


Other instances of Discord phishing and hacking: a popular game called Tower Unite got hacked:

https://twitter.com/search?q=tower%20unite%20discord%20hacked&src=typed_query

To help give more context: The person has always been careful and regularly visited this site to help friends who are game developers test stuff. Since the link was itch.io and their familiarity with the site had been nothing but a positive experience, they decided to help playtest like they usually do.

Now they lost one grand in Nitro gifting due to the phish and they are no longer helping anyone with playtesting. And it hurts more that the DMs and such came from a friend of theirs, and even they aren't sure anymore if it's their friend now or compromised, hence they blocked said user. Something needs to be done.

The game and the user are gone from itch.io, so I couldn't run a test on any.run. If you have the file, you can upload it and test it for me. It will give screenshots and information on where it is going on the internet. Other than that, this doesn't seem to be a problem with itch.io but with Discord. Even if it wasn't uploaded to itch.io, the virus software should still work the same on another uploading site like Drive or Dropbox.

The person got hacked, you believed in the hacked person, you let Discord keep your PayPal information, Discord's fault for doing nothing or not fixing this fast and PayPal's fault for not stopping the $1000 payment that happened within minutes. The only way this scam works is if the criminal got hold of Discord users who download the Discord software and the user has the payment saved on Discord. They make the Discord software do something on the payment section of the Discord code, and PayPal believes it is you.

This is not itch.io's fault; it's Discord's and PayPal's, as well as yours for having a saved billing option.

Admin (2 edits) (+6)

We are aware of this scammer creating pages, every page they have created has been suspended and taken down as soon as it has been detected. Additionally we’re updating and modifying internal rules to catch stuff like this before it happens. Sadly I can’t reveal more than that since it’s likely the scammer is reading this thread.

As a reminder, itch.io is an open publishing platform. Although we have many checks and systems in place to detect abuse and prevent abuse, no automated system is going to be 100% perfect. Just like any place where you would download software off the internet, approach it with a little (or a lot of) suspicion. If it looks fishy then don’t download it, and report it. You can find report links on the bottom of each page.

Thanks

Would you be able to give an official statement to help the person bringing awareness about said scam and how they’ve been phished? Because they could lose Discord and $1,000 as a result, which isn’t fair at all. Of course they were cautious, generally speaking, but never expected a site they used for a long time in development to be what blindsided them.

Also: there’s a Discord user ID grabbed and such of said person who sent the phished site, if that helps.