In early October 2025, Discord disclosed a security breach involving its third-party customer support partner, Zendesk. Initially, the company reported that the compromised data included user names, Discord usernames, email addresses, limited billing information, IP addresses, customer service messages, and certain corporate materials. Additionally, Discord acknowledged that a small number of government-issued ID images, such as driver’s licenses and passports, submitted during age verification appeals, were accessed by unauthorized parties.
However, subsequent reports suggest that the extent of the breach may be more significant than initially communicated. Security researcher vx-underground indicated that the attackers obtained approximately 1.5 terabytes of age verification-related photos, totaling over 2.1 million images. This implies that a substantial number of Discord users’ government IDs could be at risk.
Discord has not confirmed these figures but has stated that it is in the process of notifying affected users via email from [email protected]. The company emphasizes that if users do not receive such an email, their data was likely not impacted.
In response to the breach, Zendesk issued a statement clarifying that their platform was not compromised, suggesting that the incident did not stem from a vulnerability within their systems.
This incident underscores the critical importance of robust data security measures, especially when handling sensitive personal information. Users are advised to remain vigilant, monitor their accounts for unusual activity, and be cautious of potential phishing attempts that may arise from the exposure of personal data.
