Discord Reportedly Faces Extortion After 2.1 Million User ID Photos Stolen


Hackers have stolen over 2 million ID photos from Discord users and are now demanding ransom from the popular messaging platform.

The breach occurred on September 20, 2025, when attackers broke into Discord’s customer support system and took sensitive personal documents, including driver’s licenses and passports.

The attack targeted Discord’s Zendesk support system, exposing 2,185,151 photos belonging to 2.1 million users who submitted ID documents for age verification. Discord waited almost two weeks before publicly announcing the breach on October 3, 2025.

What Data Was Stolen

The hackers accessed more than just photos. They also took names, email addresses, Discord usernames, and messages users sent to customer support. Some users had their IP addresses exposed along with limited payment information, specifically the last four digits of credit card numbers and purchase history.

Discord confirmed that full credit card numbers, passwords, and regular chat messages between users were not accessed. The breach only affected people who contacted Discord’s Customer Support or Trust & Safety teams.

According to security researchers, the attackers claim they have 1.5 terabytes of data. That is an enormous amount of personal information now in the hands of criminals.

How the Hack Happened

The breach did not target Discord’s main systems directly. Instead, hackers used social engineering tactics, manipulating people rather than exploiting software bugs, to compromise the third-party support provider.

A group calling itself Scattered Lapsus$ Hunters has taken credit for the attack. This coalition combines tactics from well-known hacking groups like Scattered Spider, Lapsus$, and ShinyHunters. They posted screenshots on Telegram showing they had access to Discord’s internal tools and administrative panels, mocking the company’s security measures.

Source: @vxunderground

However, there is confusion about who actually pulled off the hack. The group later suggested that a different group they know was responsible for the breach.

Age Verification Laws Create New Risks

This breach highlights major concerns about new age verification requirements. The UK passed the Online Safety Act in July 2025, forcing platforms like Discord to verify users’ ages by checking government IDs. Several US states followed with similar laws; Ohio and Arizona enacted their versions in late September 2025.

Discord promised users that ID photos would be “deleted straight after your age group is confirmed.” But the stolen data came from users who appealed age verification decisions, meaning Discord’s support system kept copies of these documents.

Privacy advocates warned this would happen. When companies collect and store large amounts of sensitive identity documents, they create attractive targets for hackers. This Discord breach proves those fears were justified.

Impact on the Crypto Community

The breach poses serious risks for cryptocurrency users on Discord. Many crypto projects, NFT communities, and blockchain networks use Discord as their main communication hub. Developers, traders, and investors regularly discuss sensitive topics in these spaces.

Hudson Rock’s Chief Technology Officer Alon Gal explained the danger: “If it leaks, this db is going to be big for solving crypto-related hacks and scams because scammers don’t usually remember using a burner email and VPN and nearly all of them are on Discord.”

The stolen data could help criminals identify crypto influencers, traders with significant holdings, and project developers. Hackers could use this information for targeted phishing attacks, identity theft, or extortion schemes. Someone’s real name, location details from ID photos, and Discord activity create a detailed profile criminals can exploit.

The timing is particularly bad since Discord has over 200 million monthly users, with a significant portion involved in crypto and blockchain communities.

Better Solutions Exist

Technology companies do not need to collect and store millions of ID photos to verify age. Zero-knowledge proofs offer a privacy-friendly alternative that mathematically confirms someone’s age without revealing their full identity or storing sensitive documents.

Concordium, a blockchain platform, launched a mobile app in August that uses this technology. Users can prove they are over 18 without sharing their actual ID with any company. Google Wallet also integrated zero-knowledge proofs for age verification in April 2025.

These systems prevent the accumulation of document images on servers that can be hacked. If Discord had used zero-knowledge proofs instead of collecting ID photos, this breach would have exposed far less sensitive information.

Discord’s Response and User Actions

Discord immediately cut off the compromised support provider’s access and brought in computer forensics experts. The company notified law enforcement and data protection authorities about the breach.

Affected users are receiving emails from noreply@discord.com, Discord’s only official channel for breach notifications. The company warned it will never call users about this incident. Users should watch for phishing emails pretending to be from Discord, as scammers often exploit data breaches to steal more information.

This marks Discord’s third security incident in 2025. The platform previously dealt with Epsilon Red ransomware distribution in July and a malware attack through its Content Delivery Network in August.

The Bottom Line

This breach demonstrates exactly what privacy advocates feared about mandatory ID collection. When companies store millions of sensitive documents in centralized databases, they create irresistible targets for hackers. The 2.1 million Discord users who trusted the platform with their government IDs now face potential identity theft risks.

For crypto users, the situation is particularly concerning given Discord’s central role in blockchain communities. Better privacy technology exists, and companies should adopt it before more personal information falls into criminal hands.

Sven Luiv