Discord's broken support left a hacker extorting kids for 8 days

A 12-year-old who lied about her age to create a Discord account had it hijacked after clicking a phishing link disguised as Discord support. Without two-factor authentication enabled, the attacker took full control and began running financial extortion scams against dozens of minors on the teen’s friends list.

Her father spent over a week trying to get Discord to intervene, but the platform’s support system - a mix of chatbot auto-responses and human agents - repeatedly closed his tickets, telling him to report the issue from inside the compromised account his daughter could no longer access. There is no mechanism for a parent to escalate on behalf of a minor. The attacker was only removed after Ars Technica contacted Discord directly.

The incident highlights two colliding failures: platforms that children routinely access by lying about their age, and support systems wholly unequipped to handle the safety consequences when those accounts are compromised. Discord’s inability to prioritize a case involving active exploitation of minors raises serious questions about its duty-of-care infrastructure.