Discord cyberattack: ID photos and partial credit card details of around 70,000 users leaked 

Messaging platform Discord recently informed its userbase that a cyberattack on one of its third-party vendors resulted in the potential leak of around 70,000 users' personal information. The platform first brought attention to the cyberattack in a blog post on its website on October 3, 2025.

The blog post, which was updated on October 8, noted that the leaked information could include official government ID-photos, names, contact information, partial credit card details, and IP addresses.

The blog post added that the company took "immediate steps" to address the attack as soon as it occurred, including revoking the third-party vendor's access to its system. The company is also cooperating with law enforcement regarding an investigation, with the blog post adding:

"Recently, we discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers. The unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams." "As soon as we became aware of this attack, we took immediate steps to address the situation. This included revoking the customer support provider’s access to our ticketing system, launching an internal investigation, engaging a leading computer forensics firm to support our investigation and remediation efforts, and engaging law enforcement."

The potentially leaked information included customers' names, Discord usernames, contact details, email addresses, "limited billing information such as payment type, the last four digits of your credit card, and purchase history if associated with your account," IP addresses, messages with customer service agents, limited corporate data, and government-ID images of limited users.

The company added that full payment details, messages between users and other activity beyond discussions with customer service agents, and passwords or authentication data have not been leaked. The company will reportedly contact the affected users via email from the ID [email protected].

According to the BBC, Zendesk, one of the customer service software providers for the messaging platform, told the publication that "its systems had not been compromised." Additionally, the messaging platform also addressed online rumors that the cyberattack may be bigger than what has been revealed.

A company spokesperson denied the accusations in a statement to the BBC, adding that the claims were "part of an attempt to extort payment".

"We will not reward those responsible for their illegal actions," the spokesperson continued.

---

Discord recently implemented face scan for age verification in the UK and Australia

In April 2025, Discord recently rolled out a new strategy to ensure age verification for users in the UK and Australia. The minimum age requirement to create a Discord account is 13. The new age verification on the messaging platform came after the UK passed the Online Safety Act to ensure "robust" age checks for users to access adult content.

The experimental verification method, carried out by third-party company k-ID, requires users to either scan their face or show a photo identity card. The company reassured users that the information is for a one-time verification purpose, adding that the company does not store any biometric data.

However, users found a loophole to circumvent the age verification. According to a July 2025 article on PC Gamer, users began utilizing Death Stranding 2: On the Beach's photo mode to bypass the age verification by pointing the camera at a photo mode portrait of character Sam Porter Bridges (portrayed by Norman Reedus).

The platform's age verification system requires users to open/close their mouths for verification, which can be done on Death Standing by cycling through the Bridges' facial expressions.

---

Discord has yet to address the age verification loophole at the time of this writing.

Edited by Juhi Marzia