critical SEVERITY
January 8, 2026
Discord OAuth App Exploitation Wave
Approximately ~750,000 users potentially affected
Data Exposed:
- Discord tokens
- Server memberships
- DM history
- Connected accounts
What Happened
Malicious Discord bots posing as game stat trackers have been harvesting OAuth tokens. Compromised accounts are being used to spread malware and crypto scams in gaming servers.
What You Should Do
- Review authorized apps in Discord User Settings > Authorized Apps
- Remove any suspicious or unknown applications
- Enable 2FA on your Discord account immediately
- Change your password if you used any third-party bots recently
- Check for unknown sessions and log them out
Check If You Were Affected
Use GalaxyWarden to scan for your credentials in this and other breaches.
Scan My Email Free →