1. confirming the emails were not already listed in other databases / leaks;
2. going to the actual Discord platform and performing a "Forgot Password" request, entering a stolen email, and seeing if it goes through or not, as Discord confirms if an email exists or not during this flow;
3. contacting Discord.io directly, who confirmed & put out a statement.
Other data breaches are harder to verify. Troy Hunt (owner of haveibeenpwned.com) described this in far more interesting ways than I ever could[0], but for each breach, it varies.
1. confirming the emails were not already listed in other databases / leaks;
2. going to the actual Discord platform and performing a "Forgot Password" request, entering a stolen email, and seeing if it goes through or not, as Discord confirms if an email exists or not during this flow;
3. contacting Discord.io directly, who confirmed & put out a statement.
Other data breaches are harder to verify. Troy Hunt (owner of haveibeenpwned.com) described this in far more interesting ways than I ever could[0], but for each breach, it varies.
[0]: https://www.troyhunt.com/heres-how-i-verify-data-breaches/