Hackers threaten to leak millions more documents
Discord has confirmed that approximately 70,000 users had their government-issued ID photos exposed following a breach of a third-party customer support vendor, as hackers attempt to blackmail the platform by threatening to release millions of additional documents.
The communication platform, which serves over 200 million users worldwide, said the breach occurred on September 20, 2025, but stressed that Discord’s own systems were not directly compromised.
Leaked data includes identity verification documents submitted by users during age verification, as well as names, email addresses, IP addresses, and the last four digits of credit card numbers from individuals who contacted Discord’s customer support.
Discord spokesperson Nu Wexler told The Verge that all affected users worldwide have been notified and that the company is cooperating with law enforcement, data protection authorities, and cybersecurity experts to contain the incident.
Hacker group claims larger breach and ransom demand
A cybercriminal group calling itself “Scattered Lapsus$ Hunters” claimed responsibility for the attack and is attempting to extort Discord by inflating the scale of the breach. The hackers allege they stole 1.5 terabytes of data, including more than 2.1 million ID images, claiming they maintained 58 hours of access to Discord’s Zendesk customer support system beginning on September 20.
Discord has firmly disputed these claims, calling them part of an extortion attempt. “The figures being shared are inaccurate and part of an effort to extort Discord,” Wexler said. “We will not reward those responsible for illegal actions.”
Reports indicate that the attackers demanded a $3.5 million ransom and threatened to publicly release the stolen data after Discord refused to negotiate.
Company response and renewed scrutiny over age verification policies
Following the breach, Discord revoked access to the affected vendor’s systems and launched a forensic investigation with a leading cybersecurity firm. The company has not publicly identified the compromised provider, though security researchers suggest that Zendesk was the third-party service involved.
The incident has reignited debate around mandatory age verification policies, which require platforms to collect government-issued identity documents. Critics argue that storing such sensitive data across multiple external systems poses unnecessary risks.
Discord’s age verification process requires users flagged as potentially underage to submit photos of themselves holding their government ID, intended solely for verification and later deletion. However, the breach demonstrates the vulnerability of even temporary data storage in third-party systems.
A growing trend of large-scale cyberattacks
The Discord breach follows a series of major cybersecurity incidents affecting global tech platforms in 2025. Google, Salesforce, and Microsoft have all recently reported large-scale intrusions tied to ransomware and zero-day vulnerabilities, underscoring the escalating sophistication of cybercriminal operations.
As investigations continue, Discord faces increasing pressure from regulators and privacy advocates to reassess its data collection practices and ensure stricter controls over third-party vendors handling sensitive user information.
While the full scope of the breach remains under review, experts warn that the incident is a wake-up call for all digital platforms that rely on outsourced verification services — a reminder that even one weak link in the data chain can expose millions to risk.
