Discord added a button that says "Scan QR Code" - sounds fine, right?

But it's actually for login, so if you convince someone that it's a promo QR code for free Discord Nitro or a free game, and tell them to scan your login QR code, wow you just logged in as them with zero confirmation!


There is no indication in the UI that scanning someone's QR code can do that, it just looks like a normal QR code scanner.

