Discord account hacked? What to do and how to recover your account

How to tell if your Discord account is hacked

You can tell if your Discord account has been hacked by keeping an eye out for a handful of telltale signs. Discord accounts became a much more attractive target for cyberthieves after Nitro launched (a paid subscription that unlocks extra features and usually has a payment card attached to it), giving attackers more incentive to go after them. Some of the warning signs are hard to miss, others are easy to brush off as a glitch, but these are the ones you should be aware of:

• Unusual account activity. If you start getting emails from Discord about login attempts from locations you’re not familiar with or password reset requests you never made, don’t ignore them. It’s a sign that somebody’s testing the doors to your account to see if they’re unlocked.

• Messages and friend requests you didn’t send. Another tell is when your Discord contacts start responding to conversations you never started or when server invitations are going out from your profile without your knowledge. If people are reacting to messages you have no memory of sending, someone else (a hacker, most likely) has access to your account and is using it to reach the people you trust.

• Account settings you didn’t change. This one is easy to miss at first. You open Discord, and your username, email address, or linked apps look different from how you left them. Hackers change account details fast (they usually start with the email address) to cut off your access and make it harder to prove the account is yours.

• Unexplained transactions. Check your payment card linked to your Discord account. If a charge appears that you have no memory of making, that’s a classic sign of account theft. Discord Nitro gifting is one of the most common ways hackers monetize a stolen account, buying subscriptions for themselves using your card.

• Unexpected two-factor authentication (2FA) codes. If Discord 2FA codes start arriving in your inbox or on your phone and you’re not the one trying to log in, then a perpetrator already has your Discord password and is actively trying to get past the only remaining barrier protecting your account.

What to do if your Discord is hacked 

If your Discord is hacked, immediately change your password, log out of all active sessions, and check your email for a recovery notification from Discord. Acting on the right steps in the next few minutes gives you the best chance of getting your account back intact. Start with step one:

1. Check your email for Discord notifications

Before you do anything else, check the inbox of the email address linked to your Discord account. One of the first things hackers do is change your account’s email address to lock you out of it. If you find a notification about an email change sent from Discord sitting in your inbox, don’t delete it. Inside that email is a “Start account recovery” button that lets you revert the change and reclaim your account. You only have 48 hours from the moment the change was made to use it, so act on it immediately.

2. Change your Discord account password immediately

Regardless of what the hacker did or didn’t do to the email tied to your Discord account, your password needs to be changed right now.

On desktop:

1. 1.Open the Discord app.
2. 2.Head to “Settings” (the cogwheel icon in the bottom left).
3. 3.Select “My account.”
4. 4.Click “Change password” and follow the prompts.

On mobile:

1. 1.Open the Discord app.
2. 2.Go to “User settings.”
3. 3.Tap “Account.”
4. 4.Select “Change password” and follow the prompts.

Make the password long, unique, and something you’ve not used anywhere else.

3. Change passwords for related services

Your Discord password being compromised doesn’t mean the ramifications stop at just Discord. Hackers know that most people reuse passwords, and they will try your credentials on every other platform they can think of — your email, your gaming accounts, anything linked to the same address. Go through every service connected to your Discord account and change those passwords too.

4. Log out of all devices

Changing your password is a good start, but it won’t necessarily kick out a hacker if they’re already logged into your account on another device. To fully lock the account down, you’ll need to manually end all active sessions. This is how you do it:

On desktop:

1. 1.Open the Discord app.
2. 2.Go to “Settings.”
3. 3.Select “Devices.”
4. 4.Click “Log out all known devices.”

On mobile:

1. 1.Open the Discord app.
2. 2.Navigate to “User settings.”
3. 3.Tap “Devices.”
4. 4.Select “Log out all known devices.”

5. Remove suspicious authorized apps

Changing your password and logging out of all devices can feel like shutting the door on the whole situation. But sometimes a hacker leaves themselves another way back in. Third-party apps connected to your Discord account can keep certain permissions even after a password change, meaning someone could still have access if a malicious app was previously authorized. So before you move on, take a minute to open Discord settings, head to “Authorized apps,” and revoke access for any app you don’t remember linking to your account.

6. Notify your bank

If you have a payment card linked to your Discord account, your bank needs to know what happened. Give them a call, explain that your account was compromised, and ask them to flag any suspicious Discord-related charges. Most banks can block future unauthorized transactions once they’re in the loop.

7. Warn your Discord friends

Your Discord friends need to hear from you as soon as possible if your account has been hacked. A cyberattacker sitting inside your account has access to everyone on your friends list, and the most common next move for them is to use your identity to trick the people you know.

Hackers are likely to send malicious links or files, banking on the fact that your friends won’t suspect an attachment from an account they know and trust to be dangerous. So reach out and let your Discord friends know your account was compromised. Tell them to ignore any messages sent from your account recently and not to click any links or download any attachments that came from you until you’ve confirmed your account is fully secured.

8. Scan your device for malware

Before you close the book on this, it’s worth retracing your steps a little. Ask yourself, how did the cyberattacker manage to hack my Discord account? Your device may have been infected with malicious code after you clicked a link or downloaded a file from an unknown source. You might have even clicked a link sent by a friend, not knowing that they had been hacked before you. Hackers typically spread Discord malware through phishing, impersonating others to gain the target’s trust. Scan your drive with antivirus software, just in case.

How to recover a hacked Discord account

You have two ways to recover a hacked Discord account, and which recovery path you’ll need to take depends on what happened to the email tied to the account. If the original email address is still connected, then recovery is usually no tall order. But if the attacker changed it, reclaiming the account will take a bit more work. Either way, Discord provides recovery options for both scenarios.

If you still have email access

If the email address linked to your Discord account hasn’t been tampered with and you still have full access to it, you’re in the easier of the two situations. Getting back into the account shouldn’t take much more than a few steps:

1. 1.Go to the Discord login page.
2. 2.Click “Forgot your password?”
3. 3.Enter your email address.
4. 4.Check your inbox for a password reset link from Discord.
5. 5.Follow the link and set a new, strong password that you haven’t used anywhere else.
6. 6.Enable two-factor authentication immediately after logging back in. A password alone is a single point of failure and 2FA ensures there is always a second barrier between an attacker and your account.

If your email was changed

If you checked your inbox earlier when we covered what to do immediately after your Discord account was hacked, you may have already spotted an email notification from Discord about the change. If you haven’t checked yet, now is the time because that email is your most important tool for recovering your account in this scenario. Discord sends it to the original email address on the account the moment a change is made, but the recovery window is only 48 hours, so act fast. 

According to Discord’s support page, the URL of the revert link in that email will always start with https://discord.com/wasntme/ and anything that reads differently should be treated as fake.

1. 1.Open the inbox of the email address that was originally linked to your Discord account.
2. 2.Look for an email notification from Discord about the email address change.
3. 3.Inside that email is a “Start account recovery” button — click it before the 48-hour window closes.
4. 4.If that window has already expired and the link no longer works, your only remaining option is to contact Discord support directly.

How to contact Discord support

To contact Discord support about a hacked account, head to the official Discord support site and submit a ticket. If the 48-hour recovery window has passed and you’ve been logged out of your account, this is your best remaining option. Even if you’ve managed to recover your account on your own, reaching out to Discord’s support team is still worth doing. You should do it if the hackers have damaged your account, for example, they wiped it, and you need to restore the stolen data. And if Discord is down at the moment, wait before the issue is resolved first — don’t try to discuss sensitive account details on third-party channels.

To submit a support ticket:

1. 1.Go to https://support.discord.com/hc/en-us/requests/new.
2. 2.Create a support account (this is not the same as your Discord account).
3. 3.Select “Hacked account” from the dropdown menu.
4. 4.Provide your username and handle, your original email address, a description of what happened, and any screenshots or purchase receipts you have available.
5. 5.Submit your ticket and wait for a response. Discord typically replies within 24 to 72 hours for an initial response, though complex cases may take longer.

How do Discord accounts get hacked?

Discord accounts get hacked primarily through token theft (infostealers), phishing scams, malicious downloads, and credential stuffing. Most of these attacks don’t happen because attackers cracked some sophisticated code but because attackers are opportunistic and patient, looking for users who reuse passwords, click suspicious links, or haven’t enabled two-factor authentication. The most common methods cybercriminals use to get into Discord accounts are:

• Token stealing and session hijacking. Discord uses tokens to keep users logged in between sessions. Attackers who manage to get malware onto your device can use it to extract these tokens directly from your browser or app. With your token in hand, an attacker can access your account without your password.
• Phishing attacks and fake Nitro scams. Attackers lure Discord users in with promises of free Nitro, directing them to fake Discord login pages built to harvest credentials. Others disguise malware as game beta files or test builds and trick users into installing them. These messages often appear to come from friends whose accounts have already been taken over. It’s a tactic that sits at the heart of most Discord scams and makes them significantly harder to spot.
• Malware and malicious downloads. Attackers package trojans inside fake game files and executables to gain access to a target’s device. Discord bots requesting excessive permissions and tampered game mods or tools are other common delivery methods that give attackers a foothold without raising immediate suspicion.
• Credential stuffing and weak passwords. When large-scale data breaches expose millions of usernames and passwords online, attackers rarely stop at the original breach. Almost automatically they feed those leaked credentials into automated login attempts across other platforms, including Discord, in a tactic known as credential stuffing. For people who use the same password for different accounts, a breach on one service can end up compromising several others along with it. And if you use what is considered a weak password, then you face a different but equally dangerous threat. Attackers sometimes just try to brute-force their way in by cycling through password combinations until they find one that sticks.

How to protect your Discord account from hackers

The best way to protect your Discord account from hackers is to build a few good security habits. Most of what makes an account vulnerable comes down to things that are easy to change. You can start by:

• Monitoring your account. Get into the habit of checking your Discord account every now and then to help prevent potential misuse. Strange emails from Discord or actions you don’t remember taking are two major warning signs to watch out for, and spotting them early can help you shut down an attacker’s attempt to hack your account.
• Using two-factor authentication. Enabling 2FA means that even if an attacker gets hold of your password, they still need a one-time verification code to log in to your account. You can enable 2FA in Discord’s account settings under the “My account” tab — it takes less than a minute and significantly raises the bar for cyberattackers trying to break in.
• Creating a strong and unique password. The Discord app won’t let you set a password shorter than eight characters, but remember that it should also contain special characters, a mix of upper and lowercase letters, and numbers. But more importantly, set up a unique password — don’t use the same one for different accounts. If you have trouble remembering all your passwords, use a secure password manager.
• Verifying links before clicking them. Phishing attacks targeting Discord users are common, and attackers are good at making malicious links look legitimate. Before clicking any link (even one sent by a friend), take a moment to check where it actually leads by hovering your mouse over it or copying the link address and pasting it into a link checker.
• Reviewing authorized apps regularly. Third-party apps connected to your Discord account can retain permissions even after you’ve changed your password. Go through your authorized apps periodically and revoke access for any of them you no longer use or don’t recognize. It’s a small habit that closes off a backdoor attackers are known to exploit.
• Keeping your personal information private. Remember that if you use a public server, you can’t be sure who else uses it and reads your messages. Not everyone has good intentions, so don’t share confidential information with strangers.
• Using a VPN. A VPN service can protect you from some cases of data theft through strong encryption, which is especially important if you connect to the internet via public, unsecured networks. NordVPN, for example, also comes with scam, phishing, and malware protection to cover more of the angles attackers tend to use.

Additionally, you can always think about similar Discord alternatives to see if any tool or service works better for you.