Messaging platform Discord has said that government ID photos from approximately 70,000 users may have been exposed after hackers compromised a third‑party customer service vendor that handled age‑verification appeals for the platform.
The company said its own systems were not breached and that it has notified all affected users, revoked the vendor’s access and is working with law enforcement and regulators.
A spokesperson told the Verge that claims circulating online vastly overstate the scale of the incident and are part of an extortion attempt. “Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals,” the statement said, adding: “We will not reward those responsible for their illegal actions.”
Discord explained that the stolen data relates to people who contacted customer support or the trust and safety team to verify their age, a process that can require uploading images of driver’s licences or passports.
The company said messages and activity on the platform were not accessed, though other information such as names, usernames, emails, IP addresses and the last four digits of credit cards may have been impacted. “Looking ahead, we recommend impacted users stay alert when receiving messages or other communication that may seem suspicious,” the company said.
The breach highlights the growing risks tied to online age checks, which have proliferated as governments introduce rules to protect children. In the UK, age‑verification requirements for social media were strengthened under the Online Safety Act.
Privacy advocates have warned that storing sensitive images can make verification providers attractive targets. “Age verification systems are surveillance systems,” said Maddie Daly, assistant director of federal affairs at the Electronic Frontier Foundation. “A person who submits identifying information online can never be sure if websites will keep that information or how that information might be used or disclosed.”
The UK’s Information Commissioner’s Office confirmed it had received a report from Discord and is assessing the incident. “Recently, we discovered an incident where an unauthorised party compromised one of Discord’s third‑party customer service providers,” Discord said, reiterating that roughly 70,000 government ID photos may have been exposed through the appeals process.
