Discord cyber attack exposes 70,000 User ID photos

Discord, the messaging and community platform used by hundreds of millions globally, has confirmed that official identification photos of approximately 70,000 users were potentially compromised in a recent cyberattack.
The company confirmed that the breach did not target its core platform, but rather a third-party service provider used for customer support and age verification processes.
The breach, which Discord believes was part of an attempt to extort a financial ransom, centred on the data submitted by users who had interacted with the company’s Customer Support or Trust & Safety teams.
Crucially, the malicious actor gained access to images of government-issued identification—such as driver’s licences and passports—which were provided by users to appeal age determinations on the platform.
The exposed data set is highly sensitive. For the affected users, the compromise extends beyond ID photos to include a wide range of personal information: full names, Discord usernames, email and contact details, IP addresses, transcripts of conversations with customer service agents, and limited billing data, including the payment type and the last four digits of credit card numbers. Discord stressed that full credit card numbers, passwords, or authentication data were not compromised.
The leak of permanent identification documents presents a severe, long-term threat to the affected users. Unlike credit card details, which can be cancelled, government IDs contain foundational identity information that can be leveraged indefinitely for serious fraud, including identity theft, opening fraudulent accounts and creating spear-phishing scams.
This incident highlights the acute security risks associated with collecting and storing such critical data for age verification, a practice that has grown increasingly common due to tightening global regulations.
In response, Discord stated it took immediate action upon discovery of the incident, including revoking the compromised vendor’s access to its internal systems, initiating a forensic investigation with external security experts and engaging with law enforcement. All impacted users have been contacted directly via email.
Furthermore, a spokesperson confirmed the company is refusing the threat actor’s demand, asserting, “We will not reward those responsible for their illegal actions,” even as external claims of a much larger data volume persist. Discord continues to advise users who submitted ID photos to monitor their personal and financial accounts carefully for signs of identity misuse.
