Discord announces that 70,000 users' ID card images and the last four digits of their ID and credit card numbers may have been leaked

Discord announced that a third-party service it uses to assist with customer support operations was breached, potentially exposing some of its users' data. The data potentially exposed included usernames, Discord IDs, email addresses, the last four digits of credit card numbers, IP addresses, and images of IDs.

Update on a Security Incident Involving Third-Party Customer Service

Discord says 70,000 users may have had their government IDs leaked in breach | The Verge
https://www.theverge.com/news/797051/discord-government-ids-leaked-data-breach

Discord said the data breach was not related to the app itself, but to a third-party service it uses to assist with customer support. Discord said 70,000 users who have contacted its customer support or trust and safety teams were at risk of data exposure.

The potentially exposed data includes names, Discord IDs, email addresses, and other contact information provided when contacting customer support, as well as billing information such as payment methods, the last four digits of credit card numbers, and purchase history if associated with the account. It also includes IP addresses and the contents of messages exchanged with customer support representatives. Other data that may have been exposed includes training materials and internal presentations. Images of IDs submitted by users when filing age-related disputes were also reportedly accessed.

Discord has announced that the following data was not affected by the unauthorized access: 'full credit card numbers and CCV codes (security codes),' 'Discord messages and activity other than customer support contact,' and 'passwords and authentication information.'

Vx-underground, a person with detailed knowledge of this case, reports that the specific service that was compromised was Zendesk, and that the threat actors obtained photos of driver's licenses and passports, totaling 1.5TB (2,185,151 images).

Chat, we are cooked

Discord is being extorted by the people who compromised their Zendesk instance

They've got 1.5TB of age verification related photos. 2,185,151 photos

tl;dr 2.1m Discord users drivers license and/or passport might be leaked. Unknown number of e-mails

— vx-underground (@vxunderground) October 8, 2025

According to vx-underground, there were a series of unauthorized access attempts to Zendesk around August 2025, and Discord is believed to have been a victim of this. However, the threat actors responsible for these unauthorized access attempts are actively trying to extort money from Discord, threatening to release data if the requests are not met, but Discord has not responded to the demands. Discord itself has stated that it has no intention of paying.

I'm not familiar enough with Discord to assert that this large pool of photos and identification is the result of government regulations.

I'm aware the United Kingdom (and soon Australia) have laws which try to protect children online by making adults verify their age by…

— vx-underground (@vxunderground) October 8, 2025