Hackers say they stole 2.1 million Discord ID photos in latest breach

Daniel Sims

Posts: 2,469   +74
Staff
What we know so far: Discord users who have submitted government IDs to customer service to appeal the app's new age gate are being notified that hackers recently accessed their photos. However, the attackers claim to have stolen far more information than Discord has confirmed.

After Discord confirmed that a cyberattack breached a customer service contractor late last month, hackers reportedly claimed to have over 1.5TB of users' photo IDs, or approximately 2.1 million photos. However, the company disputes this claim.

Discord Previews, an X account that provides information about upcoming Discord updates, shared an image purporting to show the volume of stolen data the hackers are allegedly using to blackmail the company. The September 20 breach resulted in the leak of personal data from Zendesk, which handles the company's customer service interactions. This included personal names, email addresses, Discord usernames, IP addresses, chat histories with customer service agents, and limited billing data, but not full credit card numbers.

The stolen photo IDs were submitted by users appealing the app's decision to lock them out of age-restricted content after using other age verification methods, such as facial scans. In a later statement, Discord accused the hackers of misinformation in an attempt to extort the company, claiming that around 70,000 users' photos were exposed, and that all have been contacted.

Discord recently joined a global trend of services and websites forcing users in certain territories to verify their ages by uploading photos or other proof of identification in compliance with new laws. Although the affected companies promised never to store users' personal data or track their activities, the recent Discord hack demonstrates severe loopholes in the new policy.

The incident recalls a July episode in which over 72,000 images, including photo IDs, from dating safety app Tea were discovered in unsecured cloud storage. Impacted users in both instances should be cautious of phishing scams and practice the usual safety protocols if they receive suspicious messages.

The mishaps vindicate concerns that ID verification laws endanger user privacy. Furthermore, many have simply circumvented the new requirements using various means. Some caused enormous spikes in VPN usage in countries such as France and the United Kingdom; others pivoted to sketchy websites that ignored the new rules, and some tricked ID verification scanners using footage from video games.

Permalink to story:

 
They try to make everything *safe* but make it worst in the process. You cannot ask people to upload their IDs. That is plain and simple stupid. That is private information and has nothing to do with Discord. Only time I provide my ID/face rec etc is for my bank. IDs should not be used anywhere else. Facebook/Discord etc are getting worst by the day. My Facebook account was hacked 2 years ago and I still cannot recover it even with ID etc as I *cannot prove* it is me... Thank God I only use facebook for market place...
 
Back