- Cyber Syrup
- Posts
- Discord Data Breach Exposes Government ID Photos of 70,000 Users
Discord Data Breach Exposes Government ID Photos of 70,000 Users
Discord confirmed that hackers stole government identification photos belonging to approximately 70,000 users in a recent data breach

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.
The Gold standard for AI news
AI keeps coming up at work, but you still don't get it?
That's exactly why 1M+ professionals working at Google, Meta, and OpenAI read Superhuman AI daily.
Here's what you get:
Daily AI news that matters for your career - Filtered from 1000s of sources so you know what affects your industry.
Step-by-step tutorials you can use immediately - Real prompts and workflows that solve actual business problems.
New AI tools tested and reviewed - We try everything to deliver tools that drive real results.
All in just 3 minutes a day
Discord Data Breach Exposes Government ID Photos of 70,000 Users

Discord, a popular social media and communication platform used by millions worldwide, confirmed that hackers stole government identification photos belonging to approximately 70,000 users in a recent data breach. The company attributed the incident to a third-party customer support vendor, rather than a direct compromise of its own infrastructure.
Details of the Breach
On October 3, 2025, Discord announced that attackers had gained unauthorized access to a third-party service provider responsible for handling customer support and Trust & Safety inquiries. The compromised vendor reportedly stored sensitive user data used for age verification and account appeals.
In an October 8 update, Discord clarified that:
“Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals.”
The company further revealed that in addition to identification photos, the attackers also obtained:
Full names and Discord usernames
Email addresses and contact information
Billing details and IP addresses
Copies of messages exchanged with support staff
Limited corporate data
While Discord has characterized the exposure of government ID photos as affecting “a small number” of users, threat researchers report otherwise.
Hacker Claims and Ongoing Extortion
According to cybersecurity research collective Vx-Underground, the attackers claim to have exfiltrated 1.5 terabytes of data, including more than 2.1 million ID photos. The group verified samples of the stolen files and confirmed that the threat actors are actively attempting to extort Discord, threatening to release the data if their ransom demands are not met.
“They are threatening to release the stolen data if Discord does not pay them an undisclosed amount of money,” said Vx-Underground. “According to the threat actors, Discord is ignoring them and/or not complying with their demands.”
Connection to Zendesk Campaign
The incident appears linked to a broader campaign targeting organizations that use Zendesk, a cloud-based customer service platform. Discord’s compromised systems fell within this campaign’s scope, according to Vx-Underground.
Zendesk, however, denies that its own systems were breached, saying that the issue did not stem from a vulnerability in its platform. This marks the second time in recent years that a Discord-related breach has been tied to a third-party support provider—an earlier 2023 incident also involved a compromised customer service agent.
Impact and Lessons
Discord maintains that the breach has no direct impact on platform functionality and is working with cybersecurity experts to strengthen vendor oversight. The event highlights the security risks associated with third-party integrations, particularly for platforms handling sensitive identity verification data.
For users, the incident underscores the importance of limiting personal information shared with online services, even when those services require verification for legitimate reasons.