A major data breach has shaken Discord, one of the world’s most popular chat platforms, after hackers claimed to have stolen over 2 million user identification photos and 1.5 terabytes of sensitive data by exploiting a third-party customer support system. While Discord disputes the exact figures, this incident has ignited serious concerns about user privacy, third-party risk, and the security of digital verification processes.
Key Takeaways
- Hackers claim to possess 1.5TB of sensitive user data, including over 2 million government-issued ID images from Discord users.
- Discord asserts the actual number of affected users is around 70,000.
- The breach occurred via a compromised support agent’s access to Discord’s outsourced Zendesk system, not Discord’s core infrastructure.
- Exposed data includes names, Discord usernames, emails, partial billing information, support transcripts, IP addresses, and government ID photos used for age verification.
- Discord has refused to pay the ransom and is collaborating with law enforcement.
How the Breach Happened
The incident originated on September 20, 2025, when cybercriminals breached Discord’s third-party vendor, Zendesk, which managed customer support and age verification appeals. Attackers gained access for 58 hours by compromising a support agent’s credentials, using this window to exfiltrate large volumes of sensitive information. The group claiming responsibility, known as Scattered Lapsus$ Hunters (SLH), has since tried to extort Discord, demanding a ransom to prevent the public release of the stolen data.
What Data Was Stolen?
The stolen trove reportedly includes:
- Usernames and email addresses
- Customer support and Trust & Safety message logs
- IP addresses
- Limited billing details, such as payment method and the last four digits of credit card numbers
- Crucially, images of government-issued IDs (driver’s licenses, passports) submitted by users for age verification appeals
Discord maintains that the scale of the attack has been exaggerated as part of the ransom campaign, stating that roughly 70,000 users have been affected, a figure far below the more than 2 million ID photos touted by the hackers.
Update: We have become aware that the perpetrators of this attack claim to have obtained 1.5 TB of age-verification photos totalling 2,185,151 images, which they are now using to extort Discord. https://t.co/iCPl7ljQLy
— Discord Previews (@DiscordPreviews) October 8, 2025
Discord’s Response and User Impact
In a quick response, Discord revoked all vendor access to its ticketing system, ended its relationship with the breached provider, and hired a leading computer forensics firm to investigate. All affected users are being notified directly via email, with instructions on protective actions.
Discord has assured its community that full credit card details, passwords, and private messages remain uncompromised. The company continues to work with law enforcement and regulators to address the fallout.
Risks Highlighted by the Breach
This breach has highlighted the growing threat of supply chain attacks, in which cybercriminals target less-secure third-party service providers to access otherwise robust organizations. Such incidents underscore the importance of strong security practices and strict oversight throughout every layer of tech partnerships.
Table: Overview of Exposed Data Categories
| Data Category | Exposed? |
|---|---|
| Usernames | Yes |
| Email Addresses | Yes |
| Government ID Photos | Yes |
| Full Credit Card Numbers | No |
| Passwords | No |
| Private Messages | No (outside support) |
Ongoing Investigation and Industry Impact
As Discord refuses to pay the ransom and continues its investigation, the wider technology sector is once again reminded to scrutinize vendor access, tighten data retention policies, and prepare for potential extortion attempts. Regulatory pressure and user demands for privacy are expected to intensify following this incident.
While Discord disputes the full extent of the leak, cybersecurity experts warn that any exposure of identity verification documents poses real risks, including identity theft and social engineering attacks. Users are advised to be vigilant for phishing attempts and to follow the guidance in official communications from Discord.
