Discord data breach: what happened and how to protect your account

Discord, a well-known communication platform for gamers and other online communities, has quickly become a central hub with over 560 million registered users. The app’s explosive popularity comes from its high-quality voice chat, community focus, and ability to create custom servers. However, that popularity has also attracted increased attention from cybercriminals, which led to several data breaches between 2023 and early 2025.

Discord isn’t less secure than other platforms, but its reliance on third-party integrations adds risk. Because of the app’s structure, users should be more protective of their data. Keep reading to learn more about each Discord data breach, what data was compromised, and steps to help secure your personal information moving forward. 

Was there a Discord cyber attack?

There have been several high-impact security breaches that compromised user data. The main ones came from third-party service compromises and large-scale message scraping. Discord is flexible, but its key selling point may have contributed to several vulnerabilities. 

It seems that Discord’s customizable servers, while convenient, allow attackers to target new vulnerabilities. Each Discord attack occurred under different circumstances, including support agent account takeovers through third-party integrations and data scraping of public servers. 

Overview of major Discord data breach events 

From 2023 to 2025, Discord users were affected by several security breaches. If you use Discord, your data may have been exposed by: 

• A support ticket vulnerability where cybercriminals were able to expose sensitive user information.
• The Discord.io breach, which impacted about 760,000 accounts.
• An incident where Spy.pet scraped billions of public messages.
• A data leak related to RestoreCord, which allegedly exposed Discord IDs, last-serving IP addresses and usernames of a certain number of Discord user IP addresses. 
• A more recent event in 2025, where cyber attackers scraped data from hundreds of Discord servers.

Because cybercriminals were able to attack from different angles, it reveals that Discord desperately needs stronger protections for user accounts. 

Support ticket data breach

That point is not more evident than in March 2023, when a Discord data breach happened after a customer support agent’s account was compromised. Cyber attackers accessed the agent’s support ticket queue and exposed sensitive user information. During the Discord data leak, attackers accessed:

• Conversations between users and the Discord support agent
• Any attachments the agent used
• Account email addresses connected to their queue

While Discord believed the attack was limited to 180 users, it mentioned that anyone who communicated with Discord support should take extra precautions moving forward. 

Discord.io data breach

Another breach happened in August 2023 involving Discord.io, a third-party service for setting up custom server invite links. Discord’s flexibility comes from its roster of app integrations, but this particular one contributed to a security breach that impacted over 760,000 user accounts. The Discord.io team reacted quickly, but threat actors were still able to access: 

• Email addresses
• User IDs
• Hashed passwords
• Some billing information

This Discord security breach reveals valid concerns about connecting external apps to Discord because of the increased vulnerabilities.

RestoreCord data breach

Another Discord security breach occurred recently, revealing one more third-party vulnerability through RestoreCord’s utility platform. LEAKD, a cybersecurity website, reported that the stolen data appeared on BreachForums, a well-known hacking forum. 

Through RestoreCord, this Discord data breach allegedly exposed nearly 1 million users. One user, Sythe, published a downloadable file on BreachForums. The data included: 

• Timestamps
• IP addresses
• User Discord IDs

Since then, RestoreCord has disputed the initial report, stating that a staff member inappropriately shared fewer than 5,000 IP addresses. The company also claims they randomly generate the IP addresses, making them unrelated to users. Mashable confirmed that the same database appeared on other hacker forums earlier in the year, casting doubt on RestoreCord’s claims. 

Spy.pet scraping incident

Discord uses APIs for legitimate server activities, but malicious actors can misuse them to collect personal data without consent. One case occurred in early 2024, where Spy.pet, a data harvesting website, scraped over 4 billion public messages from 14,000 Discord servers. The site sold the collected data online for approximately $5 in cryptocurrency. 

The attack impacted about 620,000 accounts, exposing: 

• User account data
• The messages and all their contents
• Identifying server information

Criminals can scrape data from Discord because the service’s automated bots publicly collect available user information from different channels. 

A new scraping incident in 2025

Discord’s troubles continue as reports of a new Discord cyber attack spread online. According to Cybernews, another threat actor scraped over 348 million messages from about 1,000 public servers. The cybercriminal is offering the data for sale on a well-known cybercrime forum.

The Cybernews researchers reviewed the data samples and have no reason to believe the recent Discord data leak is fake. They also confirmed the threat actors scraped the messages from Discord servers. The exposed data does not include private messages but still raises privacy concerns. 

What data was leaked in recent breaches?

Over the last two years, the Discord breaches exposed different types of personal data. There was some overlap in the exposed personal information, and each dataset carries various risks. Here is the kind of information cybercriminals could access: 

• Personally identifiable information (PII) – Anyone affected by the March 2023 support ticket breach could have their email addresses, names, and government-issued IDs compromised. 
• Access credentials and financial data – The Discord.io breach revealed encrypted passwords, some limited billing information, and the email addresses of over 760,000 users.
• Public messages – Data scraping has become a significant issue for online businesses. Events like the Spy.pet scraping, and the most recent 2025 scraping incident, happened because threat actors collected user IDs, usernames, message content, and more.  

How the leaked data could put you at risk

No breach is a good thing, but most people worry about what happens when their data ends up in the wrong hands. When criminals expose your personal information during a Discord data leak, it does not stay idle. They can weaponize it against you in many ways: 

• Identity theft – Breaches that involve state-issued IDs can make it easier to impersonate you. When combined with other personal details, such as your name, address, contact information, and bits about your family readily available on data broker sites, criminals can use this data to steal your identity, access your accounts, and commit fraud. 
• Harassment and doxxing – When cybercriminals scrape data, they can tie IP addresses, usernames and IDs together to create a detailed user profile. After harnessing the data, bad actors can further expose you through doxxing or repeated harassment. 
• Scams and phishing attacks – Cybercrime is evolving, but threat actors are still scamming and fooling unsuspecting users with phishing attacks. With a combination of your publicly available and leaked information, they can create persuasive phishing campaigns or scam you with vulnerable bots. 

Discord’s response and fixes: adequate or not?

Discord has taken steps to handle the breaches and notify users, but not without criticism. After the 2023 support ticket breach, the company alerted the affected users, deactivated the compromised account, and provided more guidance about securing their accounts. Still, users expressed frustration with the lack of transparency when disclosing the Discord attack. 

The Spy.pet breach highlighted more pressing concerns, despite officials taking down the data-scraping platform quickly. Discord banned the account responsible for the operation and issued legal threats, but it didn’t stop the community from asking questions. Like many others, they could not understand why user data was so easy to access. 

Reddit users pointed out that Discord’s API must lack the proper safeguards if it allows data scraping from public platforms. While information about the most recent 2025 scraping attack is still coming in, Discord has yet to release a statement. Their silence has reignited community concerns about the platform’s lack of transparency and its tendency to prioritize reactive responses over preventative security measures.

How to protect your Discord account

Enable two-factor authentication

The most powerful prevention methods begin with you. Start by setting up two-factor authentication (2FA) for your Discord account. It’s a good practice in general for online services. If your data is compromised during a breach, 2FA acts as an additional defense. 

It is like a security clearance; without it, criminals cannot access your data. You can set up 2FA on your Discord account by:

• Logging in and going to user settings > my account
• Next, click Enable Authenticator App 
• Discord offers three authentication options, but using an authenticator app like Google Authenticator or Authy is safest. 

Do not use SMS-based authentication, as it can be vulnerable to SIM-swapping attacks. App codes are safer, especially ones that refresh every 30 seconds. 

Be wary of bots and third-party services

Many Discord users expose their data without even knowing it. It can happen when unverified bots or third-party apps are linked to your Discord account. Breaches involving external service providers and third-party integrations are common not just on Discord, but across different industries. Major companies like Bank of America, Amex, Comcast, and Delta Dental have all suffered breaches linked to third-party vulnerabilities.

When connecting a third-party service because of convenience, you should:

• Research the source and only use well-known or official bots and services.
• Understand permissions and stay away from integrations that ask for more access than is necessary.
• Remove integrations regularly if you do not use them, as they can become vulnerabilities over time.

Bots are similar to browser extensions. While convenient, they are a security risk if they remain unchecked. 

Keep private content off public servers

Despite Discord’s popularity, many users may question whether they should continue using it. Public servers can expose user accounts to unwanted surveillance. At any point, a new Discord data breach could give criminals access to your data without your knowledge. 

Recently, an academic study by a Brazilian team of researchers showed what happens when Discord servers remain vulnerable. Using Discord’s API, researchers scraped over 2 billion messages from 3,167 servers, which is 10% of Discord’s public servers. The team kept the data anonymous, but it demonstrates how easily bad actors can harvest public content. 

What you can do:

• Do not post sensitive information publicly.
• Share your data in private servers or DMs.
• Check your privacy settings regularly and remove old posts.

In addition, after a Discord attack, check your digital presence and remove your personal information from any online sources where it may appear.  

Rotate your passwords and check for leaks

Beware of using old passwords, as they can be a security risk, especially after news of a Discord data leak. Instead of continuing bad habits, do this: 

• Rotate Discord passwords – Keep to a schedule when changing your Discord password. Do not use the same password from another platform. 
• Use a password manager – Managing many different passwords can be confusing, which is why many people use the same password everywhere. Many password managers use Advanced Encryption Standard (AES), and do not store the vault password. 
• Check breach databases – Breach databases are sites like HaveIBeenPwned, a free tool that can alert you if your email address is involved in a data breach. 

How Onerep can help limit data exposure

If your personal details are involved in a Discord data breach, you become vulnerable to scams, identity theft, account takeovers, and more. Even beyond the breach, your information is likely scattered across the internet, including publicly accessible data brokers and people-search sites, which makes you an even easier target. Onerep helps limit this risk by automatically removing your data from these sites before bad actors can exploit it.

Removing your info from data brokers 

Onerep scans 200+ data broker sites to find where your personal information is exposed and opts you out automatically. The service makes repeated removal attempts until each removal request is confirmed, ensuring your data is actually gone.

Ongoing management of your digital footprint 

Removing your data is not a task you do once. New people-search sites come online every day, and the old ones will quietly republish exposed data. Onerep checks 212 data broker sites around the clock. 

If your name, address, and other sensitive details resurface online, we detect and remove them again. With ongoing protection, you can keep your data off Google and out of the hands of cybercriminals. 

FAQs

Was Discord hacked in 2023?

Yes, in March 2023, a hacker compromised the account of a third-party Discord support agent and accessed the ticket support system. 

What data was exposed in the Discord data leak?

The 2023 breach mainly affected anyone who interacted with Discord’s support team. If you were exposed, hackers uncovered data related to your email address, name, and state-issued ID.  

Is Discord safe to use for private communication?

In general, Discord is safe for casual conversations and community interactions. Still, the platform does not offer end-to-end encryption for messages, meaning that Discord and other third parties can access your messages. Consider using communication platforms like Google Messages.

How can I secure my Discord account from attacks?

If you use Discord regularly, you should practice good online security habits. Always: 

• Use unique passwords – Create a unique password that combines uppercase and lowercase letters, special characters, and numbers where possible. 
• Research connected apps – Discord still relies on third-party integrations for the bulk of its services. You should check them often and research potential breach incidents. 
• Always check links and attachments – Avoid suspicious links when communicating on the platform. Do not download files from any link unless you recognize the source. 
• Use 2FA – Apps like Google Authenticator and Authy can improve your account security by requiring a verification code each time you log in. 

What should I do if I shared personal info on Discord?

If you use Discord, you are likely concerned about your personal data. If you shared personal info on Discord, here is how you can limit the fallout from a Discord cyber attack: 

• You should immediately update your password and activate 2FA.
• Check your online accounts for suspicious activity, especially linked email addresses or financial accounts.
• Delete messages with sensitive content from public or private channels. 
• Use Onerep to erase your personal info from hundreds of active data broker sites.