Hackers Threaten to Leak 2.1M Discord Users’ Passports, Licenses in Extortion Attack
Hackers have reportedly stolen greater than two million authorities identification images from Discord’s third-party help system and are actually threatening to leak them until the corporate pays a ransom.
The breach, which occurred on September 20, concerned Discord’s Zendesk occasion, a customer support platform utilized by the corporate to deal with person help and trust-and-safety inquiries.
2.1M Passport and License Photos Leaked in Discord Vendor Hack
According to cybersecurity analysis group VX-Underground, the attackers declare to have exfiltrated 1.5 terabytes of information, together with roughly 2,185,151 pictures tied to age verification appeals.
These pictures encompass passports and driver’s licenses submitted by Discord customers making an attempt to confirm their age after being flagged by the platform’s automated moderation system.
In an replace posted to its weblog on October 3, Discord confirmed that an “unauthorized get together” had accessed its third-party Zendesk occasion. The firm mentioned the incident affected a “restricted variety of customers” who had contacted its Customer Support or Trust & Safety groups.
Discord emphasised that its personal servers weren’t breached, and no person passwords, personal messages, or authentication information had been uncovered.
However, the attackers’ claims go far past Discord’s preliminary description of a restricted incident. VX-Underground shared screenshots of pattern ID pictures allegedly taken from the breach, saying Discord was being extorted for the stolen information.
The leaked recordsdata reportedly embrace images of passports, driver’s licenses, and different id paperwork used for verification. Discord has not confirmed the authenticity of the leaked samples however acknowledged that some ID images had been among the many information accessed.
While Discord’s official disclosure sought to reduce the size of the incident, VX-Underground and different cybersecurity observers introduced a special image, alleging that the attackers are in possession of over 2.1 million person verification images.
The group additionally revealed samples of the stolen paperwork to substantiate their claims and confirmed that Discord is being extorted to forestall a public launch.
Although Discord clarified that full bank card numbers, CCV codes, and personal messages weren’t uncovered, specialists warn that the stolen particulars might nonetheless be exploited for phishing, id theft, or social engineering assaults.
The breach has reignited considerations over how digital platforms deal with id verification information. Discord customers have expressed frustration on-line, noting that the corporate beforehand said age verification info could be deleted instantly after affirmation.
Critics say the storage of appeal-related paperwork created an pointless privateness danger, as these pictures had been stored on exterior servers.
Discord Hack Ignites UK Debate Over Digital ID Plans
Security analysts say the breach highlights a recurring flaw in data-handling practices: even when corporations outsource features like buyer help, delicate info can stay uncovered if distributors usually are not held to the identical safety requirements.
In this case, attackers seem to have focused Discord’s Zendesk setting immediately relatively than its main infrastructure, benefiting from the exterior system’s entry privileges.
The fallout from the incident has additionally spilled into broader political discussions in the United Kingdom, the place the information has fueled public opposition to the federal government’s deliberate nationwide Digital ID program.
I’ve obtained numerous requests to marketing campaign towards digital ID.
The petition, at 2.8 million signatures exhibits:
This isn’t any fringe view. It is a nationwide outcry.
See right here.
https://t.co/fNXPs2Ku4r
— David Davis MP (@DavidDavisMP) October 8, 2025
Following studies of the Discord hack, a petition opposing the initiative has surpassed 2.8 million signatures, with critics citing the breach as proof of the hazards of centralized digital identification techniques that retailer massive volumes of delicate information.
The Discord assault follows a sequence of comparable intrusions focusing on third-party service suppliers throughout the tech business. Zendesk, which offers helpdesk software program to quite a few companies, has been used as a backdoor in a number of previous assaults.
Discord mentioned it’s now reviewing all exterior distributors and auditing entry permissions to forestall future incidents.
As of this week, the extortionists haven’t disclosed the ransom quantity or the deadline for fee. Law enforcement businesses in the United States and Europe are reportedly investigating the case, however the authenticity of the hackers’ full dataset has but to be independently verified.
The breach comes amid a renewed give attention to digital id safety and person privateness. Last 12 months, Privado ID, a spin-off from Polygon Labs, introduced a web wallet that permits customers to confirm their age and id utilizing zero-knowledge proofs, a cryptographic methodology that confirms private particulars with out exposing underlying information.
The expertise has been touted as a privacy-preserving different to conventional doc uploads like these utilized by Discord’s age verification course of.
The submit Hackers Threaten to Leak 2.1M Discord Users’ Passports, Licenses in Extortion Attack appeared first on Cryptonews.
