Discord Privacy Under Fire: Spy Pet Service Caught Selling User Data

A new report has exposed a surveillance operation targeting Discord users, revealing that public conversations are being scraped and sold to third parties, including AI training firms and law enforcement.

The service, known as Spy Pet, claims to monitor over 10,000 Discord servers, accumulating a database of billions of messages. According to an investigation by 404 Media, the platform allows buyers to search for specific users for roughly 10 cents or purchase bulk access for as little as $5 in cryptocurrency.

How the Data is Being Sold

The reported scope of the breach is vast. Spy Pet allegedly holds data from various communities, ranging from gaming servers for titles like Minecraft and Runescape to cryptocurrency discussion groups. While the exact volume of data remains unverified, journalists were able to successfully purchase user information, confirming the service is functional.

The business model is simple but invasive: it aggregates fragmented public posts into a searchable dossier. This allows anyone with a few dollars to trace a user's activity across multiple servers, stripping away the anonymity users often expect in smaller, niche communities.

Privacy Implications and Risks

While Spy Pet does not access private Direct Messages (DMs), the aggregation of public server data poses significant risks. The scraped information is marketed specifically toward organizations training AI models and government entities.

Experts note that while posts on public servers are technically visible to anyone, users rarely anticipate their casual conversations being indexed and monetized on the open market. The ease of access means that private citizens, stalkers, or authorities can scrutinize a user's history without their knowledge or consent.

Protecting Your Account

For users concerned about their digital footprint, options are currently limited. Spy Pet appears unwilling to delete existing data. However, server administrators are advised to take preventative measures:

• Monitor Bot Activity: The scraping is believed to be conducted via bots lurking in channels. Admins should kick suspicious accounts with no profile pictures or activity.


• Increase Verification: Changing server settings to require higher verification levels can deter automated bots from joining.


• Treat Everything as Public: Users should assume that anything posted on Discord—unless end-to-end encrypted—could eventually become public record.

As the situation develops, the incident serves as a stark reminder that privacy on community platforms requires constant vigilance.