On April 14, Discord confirmed the occurrence of a large-scale data breach against its outsourcing provider that handles user support on Discord’s behalf. As the full extent of the breach continues to be revealed—the breach is now believed to be much larger than originally reported—the hack has sparked widespread alarm and outrage. On October 8, 2025, Discord pushed out an update. They admitted that at least 70,000 government-issued IDs could be included in the leaked data.
While all breaches are serious, this breach has garnered significant media attention due to the sheer scope of the data compromised. The data is much more than just user account information. It includes sensitive information such as driver’s licenses and passports. Breach reports suggest that an unauthorized third party has stolen as many as 1.5 terabytes of explicit policy age verification photos. This potentially massive breach is truly alarming on all counts. This number includes an earthshaking 2,185,151 images.
Initial Reports and Breach Scope
At first, Discord communicated the breach to its users, sharing very few details beyond the fact that this had even occurred. As conversations on social media began to develop, many on Twitter guessed that the breach was even worse than what had been reported. Unfortunately, this speculation has been borne out by Discord’s recent disclosures, which show that the affected data was tied to millions of users.
The data breach on Discord’s customer service provider is especially alarming, considering the type of data exposed in this case. As critical personal documents, misuse of government IDs can result in identity theft or fraud. The platform’s recognition that the exposure of 70,000 government IDs is a big deal is an admission of the severity of the incident.
Details of the Compromise
Digging deeper, Discord published more information about the incident. Additionally, because the breach specifically targeted age verification data, this incident included the theft of a significant amount of personal identifiable images, including minors. This breach has monumental consequences beyond the dollar amount. It underscores a serious lapse in the security practice at the customer care outsourcer.
In the face of public outcry, Discord’s recent update reiterated that 2.1 million compromised government IDs is a dramatically larger number than their original estimates. This discrepancy should lead to grave concerns over the effectiveness of their data protection measures. What happened that a breach of this scale could happen without anyone noticing for so long?
Response and Future Measures
Following the breach, Discord moved quickly to resolve the matter with its customer service vendor. The site is currently working on rolling out increased security measures to avoid this happening again. We want to encourage users to stay vigilant, and always monitor your accounts for any suspicious or unexpected activity.
Discord’s willingness to be forthright moving forward from this incident will be the most important thing in restoring trust among its users. The platform understands the need to protect sensitive information and is committed to improving. While those investigations are still ongoing, we’re committed to keeping users updated on the steps we are taking to protect you.
