Authentication Token: A session key Discord uses to keep you logged in. If someone obtains your token, they can access your account without needing your password.

Phishing: A method where attackers trick you into entering your login credentials on a fake or misleading website.

Malware: Malicious software (such as a keylogger) installed on your device to capture information like passwords.

Keylogger: A type of malware that records what you type, including usernames and passwords.

Most Discord account breaches occur through:

1. Stolen authentication tokens (via malware)

2. Phishing attempts that capture login credentials

Do not click unexpected or unfamiliar links given to you, especially if they come from a friend. Often these infections are spread by the virus posting in shared servers a compromised link or private messaging the link to members on a friends list.

If your account is compromised, we recommend the following:

1. Change Your Password
If your authentication token has been stolen, an attacker can remain logged in indefinitely. Changing your password will invalidate all active sessions and log out any unauthorized users.

2. Enable Two-Factor Authentication (2FA)
If your credentials were obtained through phishing or malware, they may be compromised again. Enabling 2FA adds an additional layer of protection by requiring a secondary verification method.

3. Review and Remove Suspicious Applications
Malicious or unknown applications can maintain access to your account even after a password change.

To check:

Go to User Settings → Authorized Apps

Deauthorize any apps or integrations you do not recognize

Also review any browser extensions or bots connected to your account.

4. Run a Full Device Security Scan
If malware (such as a keylogger) is present on your device, your account may be re-compromised even after taking the above steps. Some threats go beyond Discord and may attempt to access personal or financial information.

Running a full antivirus or anti-malware scan is strongly recommended.

5. Notification
Notify all friends and all servers you are a part of that your account has been compromised with the explicit instruction to not click any links from you until you verify that your account has been secured. While everyone should be adhering to best-practice, hackers are experts at psychological manipulation and use a variety of tactics to encourage clicks and often these messages come from your most trusted friends.

While creating a new Discord account is an option, your original account will remain compromised unless it is properly secured and/or deleted. If that account contains important conversations or records, taking the above steps is the best course of action.