Discord-focused online tool makers are advertising a service they claim has scraped 1.8 billion messages from 35 million users across 6,000 servers. The alleged data cache also includes 207 million voice sessions, user profiles, and files, raising serious privacy concerns. This comes less than two years after Discord shut down a similar service, Spy.Pet, for violating its terms of service.
The new service, advertised on a popular data leak forum, claims to offer paying subscribers the ability to search through billions of records. Researchers at Cybernews, who initially reported on the service, warn that such access could be used for targeted harassment, doxxing, and other malicious activities.
According to the advertisement, the service indexes 1.8 billion messages from 35 million users. But the data goes beyond text: it reportedly includes voice session metadata from 207 million calls, user profile information, and files uploaded to servers. The Cybernews research team notes that while it is impossible to verify the full scope without subscribing to the service (which they advise against), the claim of live indexing suggests continuous data collection.
This scale surpasses the earlier Spy.Pet operation, which scraped public messages from 620 million users. The new service also integrates data from breached databases and FiveM servers, expanding its reach beyond Discord alone.
Discord message scraping generally relies on automation tools or selfbots (automated user accounts) that extract data from channels the bot can access. Public Discord servers are especially vulnerable, as their messages are visible to any member. Commercial scraping tools, like those available on platforms such as Apify, offer step-by-step guides for obtaining Discord tokens and exporting message histories. While these tools have legitimate uses—community analysis, archiving, or backup—they can easily be weaponized by malicious actors.
The service's terms and conditions state it is operated from Estonia, an EU member with strict GDPR enforcement. However, the same ToS reportedly indicate that scraped data is stored on servers located in Russia. This creates a jurisdictional loophole: while claiming compliance with EU privacy laws, the data repository may effectively be outside EU reach.
“The service is likely created to facilitate online harassment,” the Cybernews team explained. The dual-location strategy may help the operators avoid legal repercussions while monetizing the data two ways: charging users to access messages, and charging victims to have their data excluded.
The service’s business model appears designed to exploit both the demand for surveillance and the desperation for privacy. Researchers note that this mirrors the Spy.Pet model, which also offered an “enterprise option” for AI training—supposedly including interest from federal agencies. By charging for both access and omission, the operators can profit from the very breach they create.
In early 2024, Discord banned Spy.Pet-linked accounts and bots, effectively cutting off its data supply. Discord’s terms of service explicitly prohibit scraping, and the company has stated that it takes enforcement action against violators. Yet, the emergence of a similar service suggests the measures are insufficient.
The new service claims to have “more integration with breached databases and FiveM servers,” indicating an evolution in data aggregation. FiveM, a popular Grand Theft Auto multiplayer mod, often hosts large communities with Discord servers. By combining Discord data with external breaches, the service builds a richer profile of users, increasing its value for harassment or identity theft.
For everyday users, the existence of such a service means that anything posted in public Discord servers could be archived, searchable, and accessible to anyone willing to pay. Even private servers are not immune if a member runs a scraper bot. Voice sessions, while harder to record, are now also targeted.
The risk is not hypothetical: earlier this year, a group claimed to have scraped over 348 million messages from nearly 1,000 public Discord servers. With tools becoming more sophisticated and accessible, the barrier to entry for large-scale scraping is lowering. Community managers and server admins should take proactive steps to limit exposure, such as restricting message history visibility and monitoring for unauthorized bots.
Discord has not yet publicly commented on this specific service, but the pattern suggests a continuing cat-and-mouse game. As one data-scraping operation is shut down, another emerges—often with more features and better evasion techniques. The arm race between platform security and data harvesters shows no signs of slowing down.