How to Fix a Hacked Discord Account and Stop Spam Messages
If your Discord account suddenly starts sending spam messages to your friends, it’s likely been hacked. This typically occurs when attackers obtain your login details—often through malware like a “token logger” that secretly captures your Discord authentication token. This token acts as a digital key, allowing hackers to bypass passwords and two-factor authentication (2FA) to seize control of your account.
If this situation arises, act immediately to secure your account and prevent further harm. Below, we’ll explain how to revoke the hacker’s access and protect your account from future attacks.
Step 1. Change Your Password Immediately
When you log into Discord, the platform generates a unique authentication token that remains active until you log out or reset your password. If hackers gain access to this token (e.g., through malware), they can control your account even without your password.
Changing your password immediately invalidates all active sessions and resets your authentication token. This severs the hacker’s access and stops further unauthorized actions.
- Open Discord and click the gear icon (⚙️) next to your username to open Settings.
- In the left sidebar, go to My Account, then click the Change Password button.
- Enter your current password, then create and confirm a new, strong password (use a mix of letters, numbers, and symbols).
- Click Done to save your new password. This will log you out of all active sessions.
- Log back into Discord using your new password to ensure the changes take effect.
Step 2. Enable Two-Factor Authentication (2FA)
Even after changing your password, hackers can still access your account if they obtain your new credentials. Two-Factor Authentication (2FA) adds an extra level of security by requiring a time-sensitive code (sent to your phone or generated by an authenticator app) in addition to your password. This ensures that even if your password is compromised, attackers can’t log in without physical access to your device.
- Open Discord and click the gear icon (⚙️) at the bottom left to open User Settings.
- Under My Account, scroll down and click Enable Authenticator App.
- Enter your current Discord password to confirm it’s you.
- Download an authenticator app like Google Authenticator (iOS/Android) or Authy from your device’s app store.
- Set up the app:
  - Open the authenticator app and tap Scan QR Code.
  - Point your camera at the QR code shown on Discord.
- Enter the 6-digit code from the authenticator app into Discord and click Activate.
- Your account is now secured with 2FA! Save your backup codes (provided by Discord) in a safe place in case you lose access to your authenticator app.
Step 3. Review Authorized Apps
Some apps or bots you’ve connected to Discord might have permissions to send messages or access your account. If these apps are hacked or malicious, hackers can use them to send spam or phishing links to your friends and servers. Here’s how to audit and remove them:
- Open Discord and click the gear icon (⚙️) at the bottom left to open User Settings.
- From the left menu, select Authorized Apps. You’ll see a list of all apps/bots with access to your account.
- Review the apps carefully. If you spot anything unfamiliar, unused, or suspicious, click Deauthorize next to it.
- After removing unwanted apps, restart Discord to ensure all changes take effect. This prevents any lingering access from compromised apps.
Step 4. Scan for Malware
If your account was hacked, malware such as token loggers or keyloggers might still be lurking on your device. These malicious programs can steal your new password or Discord token even after you’ve changed it.
- Windows: Open Windows Security → Virus & Threat Protection → Run a full scan.
- Mac: Use Malwarebytes (free) or rely on Apple’s built-in XProtect (scans automatically).
After scanning, check Discord’s security logs: Go to Settings → Privacy & Safety → Security to review recent logins and active sessions.
Why this matters: Malware like RedLine Stealer or Vidar (common tools for stealing gaming/chat app credentials) can lurk in your system. A full scan removes these threats and prevents hackers from sneaking back into your account.
Below, we’ll walk through the Windows process step-by-step:
- Press the Windows key (⊞) + S to open the search bar.
- Type “Windows Security” and press Enter to open the app.
- Click on Virus & Threat Protection in the left menu, then select Scan Options.
- Choose Full Scan (this checks your entire system) and click Scan Now. Note: This may take 1-2 hours—keep your PC plugged in and avoid interrupting it.
If threats are found, follow Windows Security’s prompts to quarantine or remove them. Restart your PC, then check Discord for unusual activity.
Step 5. Inform Your Contacts
If you’re worried your account might still be at risk, warn your friends about potential suspicious messages. A quick heads-up ensures they avoid clicking harmful links, protecting them and maintaining your reputation.
Example message: “Hey, my Discord might still be hacked. Don’t click any strange links from me until I confirm it’s fixed!”
If your account remains compromised after following these steps, reach out to Discord’s support team directly:
- Submit a ticket via their support form.
- Explain the situation (e.g., “My account was hacked and sends spam”).
- Include proof of ownership, like purchase receipts or linked email/phone.