Discord says 70,000 users may have had their government IDs leaked in breach involving a third-party customer support provider. The company confirmed that attackers are spreading false claims about the scale of the incident as part of an extortion attempt.

According to Discord spokesperson Nu Wexler, the breach stemmed from a compromised Zendesk instance, not Discord’s own systems. A group of attackers reportedly claimed to possess 1.5TB of age verification photos, totaling more than two million images. However, Discord has dismissed those numbers as inaccurate.

Discord Responds To Extortion Claims

In a statement shared with The Verge, Discord said:

“Following last week’s announcement about a security incident involving a third-party customer service provider, we want to address inaccurate claims by those responsible that are circulating online. This was not a breach of Discord, but rather a third-party service we use to support our customer service efforts.”

Discord emphasized that the attackers are attempting to extort payment by exaggerating the scope of the breach. The company reiterated that around 70,000 users may have had government ID photos exposed, which were used by the vendor to verify user ages.

Company Secures Systems And Ends Work With Vendor

Discord has taken immediate steps to secure the affected systems and has terminated its relationship with the compromised vendor. The company confirmed it has contacted all affected users globally and is working with law enforcement, data protection authorities, and external cybersecurity experts to investigate the breach.

Wexler stated that Discord will “not reward those responsible for their illegal actions,” underscoring the company’s stance against paying ransoms or yielding to extortion.

What This Means For Discord Users

While Discord insists the breach did not affect its main platform, the exposure of government ID photos poses potential privacy risks for those affected. Users who submitted IDs for age verification are encouraged to monitor their personal information and remain alert for suspicious activity.

The incident also highlights growing concerns over third-party security vulnerabilities. Even when a platform like Discord maintains strong internal protections, external service providers can become a weak link—especially when handling sensitive user data such as government identification documents.

Discord’s Next Steps

The company says it will continue reviewing its partnerships and security protocols to prevent similar breaches in the future. Discord reaffirmed its commitment to safeguarding user privacy, stressing that user trust remains a top priority.

As of now, law enforcement agencies and data protection authorities are involved in investigating the attack and tracking down those responsible.