What we know so far: Discord users who have submitted government IDs to customer service to appeal the app's new age gate are being notified that hackers recently accessed their photos. However, the attackers claim to have stolen far more information than Discord has confirmed.

After Discord confirmed that a cyberattack breached a customer service contractor late last month, hackers reportedly claimed to have over 1.5TB of users' photo IDs, or approximately 2.1 million photos. However, the company disputes this claim.
Discord Previews, an X account that provides information about upcoming Discord updates, shared an image purporting to show the volume of stolen data the hackers are allegedly using to blackmail the company. The September 20 breach resulted in the leak of personal data from Zendesk, which handles the company's customer service interactions. This included personal names, email addresses, Discord usernames, IP addresses, chat histories with customer service agents, and limited billing data, but not full credit card numbers.
Update: We have become aware that the perpetrators of this attack claim to have obtained 1.5 TB of age-verification photos totalling 2,185,151 images, which they are now using to extort Discord. https://t.co/iCPl7ljQLy pic.twitter.com/cTrnDCaTeu
– Discord Previews (@DiscordPreviews) October 8, 2025
The stolen photo IDs were submitted by users appealing the app's decision to lock them out of age-restricted content after using other age verification methods, such as facial scans. In a later statement, Discord accused the hackers of misinformation in an attempt to extort the company, claiming that around 70,000 users' photos were exposed, and that all have been contacted.
Discord recently joined a global trend of services and websites forcing users in certain territories to verify their ages by uploading photos or other proof of identification in compliance with new laws. Although the affected companies promised never to store users' personal data or track their activities, the recent Discord hack demonstrates severe loopholes in the new policy.
The incident recalls a July episode in which over 72,000 images, including photo IDs, from dating safety app Tea were discovered in unsecured cloud storage. Impacted users in both instances should be cautious of phishing scams and practice the usual safety protocols if they receive suspicious messages.
The mishaps vindicate concerns that ID verification laws endanger user privacy. Furthermore, many have simply circumvented the new requirements using various means. Some caused enormous spikes in VPN usage in countries such as France and the United Kingdom; others pivoted to sketchy websites that ignored the new rules, and some tricked ID verification scanners using footage from video games.
Hackers say they stole 2.1 million Discord ID photos in latest breach