I received a wierd email from Discord final Friday on the very finish of the work day informing me of “a recent security incident on September 20 involving your personal data.” It mentioned private data associated to my account had been compromised, however not full bank card data or my private tackle. The e-mail made it seem to be solely a small variety of individuals have been impacted and easily informed me to “stay alert” about any suspicious emails I would get. Suspicious? On the web? In 2025? Good luck! Practically every week late it’s turning into clear that this “limited access” hack of a “third-party customer service system used by Discord” is a a lot larger deal than it initially appeared.
“A small number of government‑ID images (e.g., driver’s license, passport) from users who had appealed an age determination” have been included within the leak, Discord knowledgeable customers like me final week. In accordance with a new report by 404 Media, the hackers accountable gloated in a Telegram group that they really had 1.5TB of customers’ private information. Discord admitted to The Verge final night time that it really believes as much as 70,000 customers might have had their authorities IDs breached. There’s already a class-action lawsuit being filed in California.
One of many huge culprits on this whole mess is laws just like the UK’s controversial On-line Security Act which requires customers to show to platforms that they’re 18 years or older utilizing selfies and authorities IDs. Within the period of a $1 trillion generative AI deal-industrial complex, that looks like probably placing your whole identification up for grabs on the web. “Online ID checks may seem like a common-sense solution, but that facade hides a much darker truth: lawmakers are pressuring companies to implement surveillance and censorship tactics and it’s putting all of us in danger,” anti-surveillance campaigner Sarah Philips informed Kotaku in an e-mail.
Chat, we’re cooked
Discord is being extorted by the individuals who compromised their Zendesk occasion
They have 1.5TB of age verification associated photographs. 2,185,151 photographs
tl;dr 2.1m Discord customers drivers license and/or passport may be leaked. Unknown variety of e-mails
— vx-underground (@vxunderground) October 8, 2025
As 404 Media studies, the hackers have been threatening the favored social gaming platform with partial releases of its trove of delicate information, which incorporates every little thing from partial cellphone numbers to the final time a given consumer was seen on Discord. The samples reportedly embrace screengrabs of thumbnails of customers’ identification selfies in addition to a assist desk ticket that seemingly belongs to alleged Charlie Kirk shooter Tyler Robinson.
How did the hackers get this information to start with? A spokesperson for ZenDesk, the third-party customer support firm supporting Discord, informed 404 Media its methods have been “not compromised.” Infosec account vx-underground was told the breach got here through an outsourced assist agent.
“All affected users globally have been contacted and we continue to work closely with law enforcement, data protection authorities, and external security experts,” Discord spokesperson Nu Wexler informed The Verge earlier this week. “We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause.”
Discord didn’t instantly reply to a request for touch upon the claims it’s being extorted or the vulnerability that led to the hack.
