ID data from 70,000 Discord users exposed in third-party breach

Around 70,000 Discord users may have had ID photos leaked in a targeted cyber-attack on a third party.
Cybercriminals accessed personal data from a third-party provider used by Discord, affecting thousands of users worldwide.

Discord has confirmed that official ID images belonging to around 70,000 users may have been exposed in a cyberattack targeting a third-party service provider. The platform itself was not breached, but hackers targeted a company involved in age verification processes.

The leaked data may include personal information, partial credit card details, and conversations with Discord’s customer service agents. No full credit card numbers, passwords, or activity beyond support interactions were affected. Impacted users have been contacted, and law enforcement is investigating.

The platform has revoked the support provider’s access to its systems and has not named the third party involved. Zendesk, a customer service software supplier to Discord, said its own systems were not compromised and denied being the source of the breach.

Discord has rejected claims circulating online that the breach was larger than reported, calling them part of an attempted extortion. The company stated it would not comply with demands from the attackers. Cybercriminals often sell personal information on illicit markets for use in scams.

ID numbers and official documents are especially valuable because, unlike credit card details, they rarely change. Discord previously tightened its age-verification measures following concerns over the misuse of some servers to distribute illegal material.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our Diplo chatbot!