Discord says 70,000 users may have had their government IDs leaked in breach involving a third-party customer support provider. The company confirmed that attackers are spreading false claims about the scale of the incident as part of an extortion attempt.
According to Discord spokesperson Nu Wexler, the breach stemmed from a compromised Zendesk instance, not Discord’s own systems. A group of attackers reportedly claimed to possess 1.5TB of age verification photos, totaling more than two million images. However, Discord has dismissed those numbers as inaccurate.
In a statement shared with The Verge, Discord said:
“Following last week’s announcement about a security incident involving a third-party customer service provider, we want to address inaccurate claims by those responsible that are circulating online. This was not a breach of Discord, but rather a third-party service we use to support our customer service efforts.”
Discord emphasized that the attackers are attempting to extort payment by exaggerating the scope of the breach. The company reiterated that around 70,000 users may have had government ID photos exposed, which were used by the vendor to verify user ages.
Discord has taken immediate steps to secure the affected systems and has terminated its relationship with the compromised vendor. The company confirmed it has contacted all affected users globally and is working with law enforcement, data protection authorities, and external cybersecurity experts to investigate the breach.
Wexler stated that Discord will “not reward those responsible for their illegal actions,” underscoring the company’s stance against paying ransoms or yielding to extortion.
While Discord insists the breach did not affect its main platform, the exposure of government ID photos poses potential privacy risks for those affected. Users who submitted IDs for age verification are encouraged to monitor their personal information and remain alert for suspicious activity.
The incident also highlights growing concerns over third-party security vulnerabilities. Even when a platform like Discord maintains strong internal protections, external service providers can become a weak link—especially when handling sensitive user data such as government identification documents.
The company says it will continue reviewing its partnerships and security protocols to prevent similar breaches in the future. Discord reaffirmed its commitment to safeguarding user privacy, stressing that user trust remains a top priority.
As of now, law enforcement agencies and data protection authorities are involved in investigating the attack and tracking down those responsible.
Access our platform effortlessly on-the-go through our user-friendly mobile apps.
𝗦𝗲𝗺𝗮𝘀𝗼𝗰𝗶𝗮𝗹 𝗶𝘀 𝘄𝗵𝗲𝗿𝗲 𝗿𝗲𝗮𝗹 𝗽𝗲𝗼𝗽𝗹𝗲 𝗰𝗼𝗻𝗻𝗲𝗰𝘁, 𝗴𝗿𝗼𝘄, 𝗮𝗻𝗱 𝗯𝗲𝗹𝗼𝗻𝗴. We’re more than just a social platform — from jobs and blogs to events and daily chats, we bring people and ideas together in one simple, meaningful space.
