@mangeurdenuage Something else to share with @x@neckbeard.xyz ...

It is possible that #Discord uses #OAuth. In that case, there should be something in account settings that lists the clients the person has authorized. De-authorizing clients could stop the problem if a client is automatically waking up and logging in (or if it is controlled by a malicious actor that is surreptitiously logging in to collect data). Naturally, this assumes that there are Discord clients and that the person has used at least one. Not being a user of their chat, I cannot tell you whether they even allow clients besides a browser.

In any case, the person should change their password using a password manager to generate and store the new randomish password. It should be as long as the service allows (and never fewer than 16 characters).