Hackers have reportedly stolen greater than two million authorities identification photographs from Discord’s third-party help system and are actually threatening to leak them except the corporate pays a ransom.
The breach, which occurred on September 20, concerned Discord’s Zendesk occasion, a customer support platform utilized by the corporate to deal with consumer help and trust-and-safety inquiries.
2.1M Passport and License Images Leaked in Discord Vendor Hack
Based on cybersecurity analysis group VX-Underground, the attackers declare to have exfiltrated 1.5 terabytes of knowledge, together with roughly 2,185,151 photographs tied to age verification appeals.
These photographs encompass passports and driver’s licenses submitted by Discord customers making an attempt to confirm their age after being flagged by the platform’s automated moderation system.
Chat, we’re cooked
Discord is being extorted by the individuals who compromised their Zendesk occasion
They've obtained 1.5TB of age verification associated photographs. 2,185,151 photographs
tl;dr 2.1m Discord customers drivers license and/or passport is likely to be leaked. Unknown variety of e-mails— vx-underground (@vxunderground) October 8, 2025
In an replace posted to its weblog on October 3, Discord confirmed that an “unauthorized social gathering” had accessed its third-party Zendesk occasion. The corporate stated the incident affected a “restricted variety of customers” who had contacted its Buyer Assist or Belief & Security groups.
Discord emphasised that its personal servers weren’t breached, and no consumer passwords, non-public messages, or authentication information have been uncovered.
Nevertheless, the attackers’ claims go far past Discord’s preliminary description of a restricted incident. VX-Underground shared screenshots of pattern ID photographs allegedly taken from the breach, saying Discord was being extorted for the stolen information.
On September 20, Discord skilled a safety incident involving its customer support platform. This incident resulted within the publicity of customers' names, usernames, electronic mail addresses, restricted fee info, IP addresses, and messages exchanged with customer support. pic.twitter.com/mbrbThQw7i
— Discord Previews (@DiscordPreviews) October 3, 2025
The leaked information reportedly embody photographs of passports, driver’s licenses, and different id paperwork used for verification. Discord has not confirmed the authenticity of the leaked samples however acknowledged that some ID photographs have been among the many information accessed.
Whereas Discord’s official disclosure sought to attenuate the dimensions of the incident, VX-Underground and different cybersecurity observers offered a unique image, alleging that the attackers are in possession of over 2.1 million consumer verification photographs.
The group additionally revealed samples of the stolen paperwork to substantiate their claims and confirmed that Discord is being extorted to stop a public launch.
Though Discord clarified that full bank card numbers, CCV codes, and personal messages weren’t uncovered, consultants warn that the stolen particulars might nonetheless be exploited for phishing, id theft, or social engineering assaults.
Replace: We’ve turn into conscious that the perpetrators of this assault declare to have obtained 1.5 TB of age-verification photographs totalling 2,185,151 photographs, which they’re now utilizing to extort Discord. https://t.co/iCPl7ljQLy pic.twitter.com/cTrnDCaTeu
— Discord Previews (@DiscordPreviews) October 8, 2025
The breach has reignited considerations over how digital platforms deal with id verification information. Discord customers have expressed frustration on-line, noting that the corporate beforehand said age verification info can be deleted instantly after affirmation.
Critics say the storage of appeal-related paperwork created an pointless privateness danger, as these photographs have been stored on exterior servers.
Discord Hack Ignites UK Debate Over Digital ID Plans
Safety analysts say the breach highlights a recurring flaw in data-handling practices: even when firms outsource features like buyer help, delicate info can stay uncovered if distributors are usually not held to the identical safety requirements.
On this case, attackers seem to have focused Discord’s Zendesk atmosphere straight slightly than its major infrastructure, benefiting from the exterior system’s entry privileges.
The fallout from the incident has additionally spilled into broader political discussions in the UK, the place the information has fueled public opposition to the federal government’s deliberate nationwide Digital ID program.
I’ve obtained numerous requests to marketing campaign in opposition to digital ID.
The petition, at 2.8 million signatures reveals:
That is no fringe view. It’s a nationwide outcry.
See right here.https://t.co/fNXPs2Ku4r
— David Davis MP (@DavidDavisMP) October 8, 2025
Following reviews of the Discord hack, a petition opposing the initiative has surpassed 2.8 million signatures, with critics citing the breach as proof of the risks of centralized digital identification programs that retailer giant volumes of delicate information.
The Discord assault follows a sequence of comparable intrusions focusing on third-party service suppliers throughout the tech trade. Zendesk, which gives helpdesk software program to quite a few companies, has been used as a backdoor in a number of previous assaults.
Discord stated it’s now reviewing all exterior distributors and auditing entry permissions to stop future incidents.
As of this week, the extortionists haven’t disclosed the ransom quantity or the deadline for fee. Legislation enforcement businesses in the USA and Europe are reportedly investigating the case, however the authenticity of the hackers’ full dataset has but to be independently verified.
The breach comes amid a renewed give attention to digital id safety and consumer privateness. Final 12 months, Privado ID, a spin-off from Polygon Labs, launched an online pockets that enables customers to confirm their age and id utilizing zero-knowledge proofs, a cryptographic methodology that confirms private particulars with out exposing underlying information.
The know-how has been touted as a privacy-preserving different to conventional doc uploads like these utilized by Discord’s age verification course of.
The put up Hackers Threaten to Leak 2.1M Discord Customers’ Passports, Licenses in Extortion Assault appeared first on Cryptonews.