What to do if your server has been hacked?
Last updated
Was this helpful?
Last updated
Was this helpful?
99% of Discord "hacks" are actually phishing or social engineering schemes that trick users into exposing their Discord token. The token is a special private key that can bypass a user's login password and even 2FA. If the hacker has your token, they can control your account! The only way to stop them is to reset your Discord password. This refreshes your token and kicks them out.
Tell everyone on your team to reset their password ASAP
Ultimately, cold admins/server owner may be the only accounts with high enough permissions to eliminate the hacker. Send messages to them as soon as possible.
Your server audit logs track every major change within your server. Reading the logs is key to finding the hacker. If you have access to the logs, look for the first sign of suspicious activity like added bots/webhooks, user permissions changes, mods being kicked/banned, etc. The logs are available from Server Settings -> Audit Logs. Watch out for the hacker giving dangerous permissions to their alt accounts.
Post messages warning your users that your server has been hacked
If the hacker deletes those messages, change a channel name to warn users that your server has been hacked
Post on other social media that your community follows
Take screenshots of malicious links and posts that the hacker sends
Record the Discord IDs of their accounts and bots (right click on the user and select Copy ID)
Record any voice chats they send.
Perform another sweep of the users to look for unexpected bots
Check your server vanity link to make sure the hacker hasn't redirected it to their own server