Discord Account Hacked? How to Recover and Secure It (2026)

Your friends are messaging you about the weird links you "sent" them, an email just landed warning of a login from a country you've never visited, and the password you have typed a hundred times suddenly doesn't work. That sinking feeling is real, but so is the path back. Most hijacked Discord accounts are recoverable, and the fastest fixes take minutes, especially if you act before a 48-hour window closes. Work through the steps below in order, starting with the quickest and most common, and only escalate to a support ticket if the self-service routes fail.

Before you touch anything, one ground rule keeps you from making things worse. Start your recovery from a device, browser, and network you have actually signed in from before, since Discord recognizes familiar setups and a brand-new environment can add friction. Never create a second account to "report" the hacked one, and never share a verification code, password, or two-factor code with anyone. Real Discord staff will never DM you for support, ask for payment, or ask you to change your login credentials, so treat any message like that as the attacker, not the rescue.

Check Your Email and Undo a Hacker's Email Change First

The single fastest recovery exists only for a short window, so check your email inbox immediately. If the attacker changed the email address on your account, Discord automatically sends a message to your ORIGINAL address containing a "Start Account Recovery" button. That link is unique to your account and valid for only 48 hours after the email change, so time matters more here than anywhere else in this guide.

1. 1.Open the email Discord sent to your original address and press the "Start Account Recovery" button.
2. 2.Confirm the link is genuine before doing anything else. The legitimate link always starts with discord.com/wasntme/ and anything else is fake.
3. 3.On the Account Recovery page, change the email back to your original address and set a new password.
4. 4.Re-add any phone number or multi-factor authentication afterward, since the attacker may have stripped or altered it.

Never share this link with anyone, no matter how convincing the request. Confirm you are on the genuine discord.com domain before you enter your credentials, because a lookalike page that mimics this flow is exactly how attackers harvest the access you are trying to reclaim.

Reset Your Password and Lock the Intruder Out

If your email is intact but your password no longer works, a reset is the next move. Open the login screen in the app or go to discord.com/login, enter the email tied to your account, and tap "Forgot your password?". Discord then emails reset instructions to that address; follow them to set a new password.

If multi-factor authentication is enabled on the account, you will be prompted for your code first before you can complete the reset. One thing to know going in, Discord Support cannot reset your password for you, so this self-service flow is the route, not a support request. Choose a password you have never used elsewhere so a leak on another site can't reopen this door.

Get Past an MFA Prompt With a Backup Code or SMS

Two-factor authentication is supposed to protect you, but it becomes a wall if you can't produce the code, whether because you lost your authenticator or because an attacker tampered with your setup. Discord builds in a fallback for exactly this moment.

1. 1.At the authenticator-code prompt, press "Verify with something else".
2. 2.Enter one of your unused one-time backup codes, the ones you saved when you first set up MFA.
3. 3.If the backup-code option is missing entirely, that means all of your codes have already been used.
4. 4.If you enrolled SMS MFA instead, you can choose to receive an SMS code and use that to get in.

Once you are logged in, you can disable MFA and set it up fresh under a code you control. Be clear-eyed about the hard limit here, Discord cannot issue new backup codes or remove MFA on your behalf. If every backup code is spent and you have no authenticator app and no SMS access, Discord cannot restore access through this path, which is why saving those codes somewhere safe matters so much for next time.

Run Discord's Official Hacked-Account Cleanup Once You're Back In

Getting back in is only half the job. Discord's official guidance for a hacked or compromised account walks through a short cleanup that closes whatever doors the attacker left open. Do all three of these before you relax.

1. 1.Reset your password again now that you have full control, so the new credential was set entirely by you on a clean session.
2. 2.Make sure Multi-Factor Authentication is enabled, since it is the main thing standing between the attacker and a second break-in.
3. 3.Review your Authorized Apps and remove any unwanted applications that have access to your account.

While you are at it, avoid clicking links or downloads from untrusted sources, which is how many accounts get taken in the first place. And keep the staff rule front of mind, Discord Staff will never DM you for support, ask for payment, or ask you to change your login credentials.

Deauthorize Unknown Connected Apps

Attackers often leave behind an authorized application or a linked account so they can quietly regain control later, even after you change your password. Clearing these out is what makes your recovery stick.

Open User Settings (the cogwheel in the lower-left on desktop, or tap your avatar then the cogwheel on mobile) and go to Authorized Apps. Press "Deauthorize" on desktop, or the "x" on mobile, to remove any app you don't recognize. Then check your linked accounts and remove any connection you don't recognize, which severs the tie between that service and your account. If you are unsure about an entry, removing it is the safer choice, since you can always reconnect a legitimate service yourself afterward.

Turn On Multi-Factor Authentication and Save Your Backup Codes

With the account clean, the last move is to make a repeat attack far harder. Set up MFA in your User Settings so the attacker can't simply walk back in with the password they may already know.

Discord's MFA setup guidance walks through enabling an authenticator app and, crucially, SAVING your one-time backup codes. Keep those codes secret and stored somewhere safe and offline, because they are your only self-service way back in if you ever lose access to your authenticator. Set this up now while you have full access, not later, since the backup codes you generate today are exactly what spares you from the dead-end described earlier.

When You Still Can't Get In File a Hacked-Account Request

If none of the self-service routes worked, escalate to Discord's Trust and Safety team. Submit a ticket through the hacked-account form at dis.gd/hackedaccount, or use the general support form at dis.gd/contact. Provide as much detail as possible about the account and what happened, since a thorough first report tends to move faster than a thin one.

Two cautions will save you grief. Do not file multiple tickets, as duplicates can slow the review rather than speed it. And if there were unauthorized charges, do not file a payment chargeback with your bank before contacting Discord, because filing a chargeback may result in account suspension pending investigation. Keep your reporting inside official Discord channels, and never pay a third-party "account recovery service" promising to fix this for you, since those services cannot do anything you can't do here for free, and handing over your details only widens the breach.

Frequently Asked Questions

The hacker changed my email. Can I still get my account back?

Yes, if you act quickly. Discord sends a "Start Account Recovery" email to your original address, and that link, which always begins with discord.com/wasntme/, is valid for only 48 hours after the email change. Use it within that window to revert the email and set a new password. If the window has passed, file a request through dis.gd/hackedaccount.

A hacker enabled 2FA I never set up. Can Discord remove it for me?

No. Discord officially states that its Support team cannot remove MFA or two-factor authentication from your account and cannot generate new backup codes for you. If an attacker enabled 2FA you didn't set up, your recovery hinges on the email-change revert link (the discord.com/wasntme/ flow) or a support ticket, rather than asking Discord to strip the attacker's 2FA on request.

I've used all my backup codes and lost my authenticator. What now?

At the MFA prompt, "Verify with something else" lets you enter an unused backup code, and if you set up SMS MFA you can receive an SMS code instead. But if every backup code is used and you have no authenticator or SMS access, Discord cannot restore access, since Support cannot issue new backup codes or remove MFA. This is why saving and safely storing your backup codes when you set up MFA is so important.

Can Discord Support just reset my password for me?

No. Discord Support cannot reset your password. Use the "Forgot your password?" option on the login screen at discord.com/login. Discord emails reset instructions to the address on your account, and you follow those to set a new password yourself.

How long does Discord take to review a hacked-account ticket?

The email-change revert link ("Start Account Recovery") is valid for 48 hours after the email change, which is the one firm timeline that applies. Discord publishes no numeric timeline for how long it takes to review a hacked or disabled account support ticket, so treat any specific number you see elsewhere with caution.

Someone claiming to be Discord support is DMing me to help. Is that safe?

No. Discord Staff will never DM you for support, ask for payment, or ask you to change your login credentials. Never share a verification code, password, or two-factor code with anyone, and never pay a third-party "account recovery service." Always confirm you are on the genuine discord.com domain before entering credentials, and start recovery only through official forms like dis.gd/hackedaccount.