Update, October 10, 2025: Discord has confirmed 70,000 users were affected by a recent data breach affecting a third-party customer service provider.
In a statement shared with The Verge, the platform clarified that those affected "may have had government-ID photos exposed, which our vendor used to review age-related appeals."
"All affected users globally have been contacted and we continue to work closely with law enforcement, data protection authorities, and external security experts," it said.
"We've secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause."
Original story, October 6, 2025: A third-party customer service provider used by Discord was hacked by an "unauthorised party" resulting in a data breach including "a small number of government-IDs."
Last Friday, Discord notified users that "information from a limited number of users" who had contacted its Customer Support or Trust & Safety teams were obtained.
This included IDs from those who appealed age determination, highlighting the potential security implications of using third-party companies to comply with the Online Safety Act.
Discord listed the data that was breached, which included:
Name, Discord username, email and other contact details if provided to Discord customer support
Payment type, last four digits of credit cards, and purchase history if associated with an account
IP addresses
Messages with customer service agents
Limited corporate data (training materials, internal presentations)
A small number of government‑ID images (e.g., driver’s license, passport) from users who had appealed an age determination
The data breach did not include passwords or authentication data, full credit card numbers or CCV code, or messages and activity on Discord "beyond discussions with customer support."
"As soon as we became aware of this attack, we took immediate steps to address the situation," the company said.
"This included revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement."
Users impacted by the data breach will receive an email from noreply@discord.com. Discord will not contact affected users by phone.
Those whose ID was accessed will be specifically notified in the email.
Top comments (0)