Discord Data Breach 2025: Around 70,000 ID Photos Leaked in Massive Cyberattack — What Should You Do?
Is there anything you can do to protect your government ID?
Discord, a global communication platform with more than 200 million users, confirmed on 3 October 2025 that a cyberattack exposed official government ID photos of tens of thousands of users. The incident occurred after hackers breached one of Discord's third-party customer service vendors responsible for handling age-verification appeals.
The Discord data breach 2025 did not directly compromise its main systems. Instead, the attackers exploited a vulnerability in the external provider's network. The leaked files may include ID photos, partial billing details, email addresses, and private messages between users and support agents.
Authorities in the UK have been informed. Investigations are under way to determine how the breach happened and who was behind it. Discord said the attackers tried to extort money, but the company refused to pay.
UK Official Confirmed Discord Data Breach 2025
According to The Guardian, the UK Information Commissioner's Office confirmed that it had received a report from Discord about the data breach. A spokesperson from the ICO stated, 'We have received a report from Discord and we are assessing the information provided'.
The breach became public in early October, though detailed reports about the affected users surfaced on 9 October following statements from Discord and coverage from major news outlets.
According to Discord's official update released on 3 October, the breach originated from a third-party provider, 5CA, which handled Discord's customer support operations. Discord clarified that its core systems remained secure. The company said, 'This was not a breach of Discord, but rather a breach of a third party service provider, 5CA, that we used to support our customer service efforts.'
The timing has raised concerns due to the UK's new Online Safety Act, which came into force in July 2025, requiring digital platforms to verify users' ages.
Around 70K Government ID Photos Leaked
Discord confirmed that roughly 70,000 users worldwide were affected. The stolen files reportedly include government-issued IDs, usernames, email addresses, and service chat logs.
'Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed', the company said in a statement.
Hackers have claimed to possess more than two million images, but Discord rejected that figure, calling it part of an extortion attempt. The company stressed that no full payment details or passwords were leaked. The affected data came from users appealing age-verification errors that required ID submission to the vendor.
Discord Removes Customer Service's Access
After detecting the breach, Discord cut off access for the third-party vendor and began a forensic investigation. The firm explained, 'We immediately revoked the customer support provider's access to our ticketing system and continue to investigate this matter.'
Discord has been cooperating with law enforcement and has informed relevant data regulators. Users have been told that only emails from noreply@discord.com are official.
The company also assured users that the platform itself remains secure. Zendesk, another partner company, confirmed that its own systems were unaffected. A representative stated that the breach did not involve their platform.
Experts Blame UK's Age Verification Policy
Cybersecurity specialists have pointed fingers at the UK's Online Safety Act for creating unnecessary data collection risks. Nathan Webb, Principal Consultant at Acumen Cyber, said, 'Despite age verification being outsourced, businesses still have an accountability to ensure that data is stored appropriately.'
Experts argued that requiring ID verification forces companies to collect sensitive information, increasing exposure to hackers. Sky News technology correspondent Rowland Manthorpe described the Discord data breach as 'the first major test of the UK's age verification system.' He added, 'Until recently, a hack like this could not have happened because companies had no need to process and collect proofs of age.'
What Should Discord Users Do?
Discord has urged users to remain cautious. Affected users will receive an email from noreply@discord.com confirming whether their data was exposed.
The company advises checking for suspicious emails or messages, avoiding unknown links, and monitoring bank accounts for any irregular activity.
'Looking ahead, we recommend impacted users stay alert when receiving messages or other communication that may seem suspicious', Discord stated.
Cybersecurity experts also recommend changing passwords across connected accounts, enabling two-factor authentication, and reporting any phishing attempts to Discord or local cybercrime authorities.
For now, the Discord data breach 2025 stands as a major reminder of how vulnerable even trusted platforms can become when third-party systems fail.
© Copyright IBTimes 2025. All rights reserved.
- MOST POPULAR IN Technology
