78M Discord files peddled online: Is the data leak real?


For days now, one cybercriminal gang has been attempting to convince fellow hackers that it has nearly 80 million records taken from Discord servers. However, the claims of a massive Discord data breach don’t align with the market's lackluster reception.

The attackers first announced the Discord data leak earlier this week, piquing the interest of many cybersecurity observers on X and BlueSky. The post, shared on a popular data leak forum, stated that the gang had obtained a substantial Discord database containing 78 million records.

“Today we are dropping a massive Discord database – one of the largest ever seen,” the group, calling themselves HawkSec, announced.

Data that the cybercriminals obtained supposedly includes information that malicious actors could easily utilize for nefarious purposes, such as impersonation, account takeover, and doxxing. According to the post, the database includes:

  • Full chat logs
  • Server conversations
  • Voice metadata
  • Recording snippets
  • Session details
  • User activities
  • Moderation logs
  • Interactions
  • Server structures
  • Member lists
  • Roles
  • Channels

Forum post announcing the allegedly leaked Discord database. Image by Cybernews.

If confirmed, malicious actors could exploit the data to target Discord users. The platform, which has over 200 million active users, has previously experienced issues with user harassment. With the data at hand, attackers could target data-rich servers to extort their owners.

On a more nefarious note, malicious actors could attempt to reveal the true identities and home addresses of the platform's users. Gamers, who make up a significant portion of Discord’s user base, are no strangers to extremely dangerous practices such as SWATing, where authorities are called on a fake emergency to a victim's address.

The extensive database, the post’s authors claim, was collected over several months for an internal project to develop a platform for Discord intelligence. However, for whatever reason, the attackers decided to abandon the project, leaving them with tens of millions of Discord records.

On January 14th, attackers explained that the attack was not limited to public servers.

“Malware circulating in the wild steals Discord tokens, which can expose private messages and personal data such as account email, number, or even limited banking information,” HawkSec explained in a post on X.

We have reached out to Discord for comment and will update the article once we receive a reply.

What’s wrong with the Discord data leak claims?

Despite HawkSec’s broad claims, the post lacks any evidence to support them. Unlike similar announcements from other malicious actors, the alleged Discord data leak post shared no sample for investigation.

Moreover, according to the Cybernews research team, the attackers appear to have deleted and reuploaded the post at least two times. For example, the latest iteration of the post includes additional details, such as who led the operation and who contributed to collecting the data.

“They probably wanted to make some cash because of the big brand name, and that went slower than they expected, so they decided to take out the big guns,” our team explained.

Data leak forums serve as marketplaces where malicious actors trade in stolen data for profit. This means that posts could be seen as ads, with the database size and the people behind it serving as a marketing tool.

Attackers could also use Discord’s name to entice other malicious actors to reach out, which could serve as an opportunity to scam other fraudsters. Recently, we have covered several cases involving large brands, such as Dell, PayPal, and ASML, where attackers likely posted fake data leaks.

Another interesting development surrounding the supposedly leaked Discord database emerged late on January 13th, after HawkSec posted a message on X, stating that it would likely share the database with law enforcement.

In a message clearly translated from French, the attackers explained that they were “not going to beat around the bush” (translated as “we are not going to follow 4 paths” from French) and admitted that the information would be shared with the French authorities.

The attackers later explained on X that the overall goal of the Discord-focused operation was to detect illegal activities, such as CSAM, terrorism, and criminal networks. While the goals indeed sound noble, just a day prior, the same attacker group was willing to sell the data to the highest bidder.

Discord targeted by threat actors

As one of the largest social platforms on the planet, Discord is often targeted by attackers. Last August, Discord-focused online tool makers claimed they had access to 1.8 billion user messages and a trove of voice sessions, files, and user profiles.

The trove of data, which allegedly targeted 35 million of the platform's users, was scraped from thousands of servers and included a whopping 207 million voice sessions.

In 2024, a shady website called Spy.Pet surfaced, claiming it had scraped billions of public Discord messages from millions of users.

Spy.Pet didn’t stop at message logs. It bundled users' Steam accounts and other linked platforms, offering what it called an “enterprise option” to anyone looking to train AI models on its data. That included, allegedly, federal agencies.

Updated on January 15th [07:50 a.m. GMT] with additional comments from HawkSec.