Discord Issues an Update on Its September Data Breach

By Catherine Masters | October 9, 2025 | 3:00pm

Video Games News Discord

Discord Issues an Update on Its September Data Breach

Yesterday social messaging service Discord released an update to their statement about the extent of the September 20 Zendesk data breach and their actions to protect impacted users. Although it had been initially alleged that 2,185,151 photos were leaked, the San Francisco company claimed in an update yesterday that just 70,000 user ID photos were part of the breach. The hacking group behind this refutes this estimate, claiming to Bleeping Computer that they possess 1.6 TB of data, including 521,000 age-verification tickets, although the number of distinct ID photos part of this is unclear. Speaking with The Verge, Discord spokesperson Nu Wexler has said that the group’s estimation is overblown and an attempt at “extorting” the company.

Most Popular

In addition to the “small number of government‑ID images,” Discord also warns that user data such as contact details, the last four digits of cards, and IP addresses may have been leaked. The company has responded by contacting those impacted and “ended work with the compromised vendor,” a third party customer service that was the target of the breach. “We will not reward those responsible for their illegal actions,” Wexler said. “We will continue to work closely with law enforcement, data protection authorities, and external security experts.”

The hacker group has shared examples of their handiwork in a Telegram chat that 404 Media was added to, including the photos users sent in with them holding their IDs next to their face with their handle included. Additionally they shared a spreadsheet tracking 1000 users’s statuses, residences and more, tied to their accounts’ emails.

With online age restrictions cropping up around the world, restricting everything from Bluesky DMs to games tackling mature topics, people are pressured more than ever to share their personal information and IDs with companies while fearing these exact kinds of data breaches. Although this author was not contacted by Discord about being impacted by the breach, they did have to send an age appeal to Discord earlier this year that was likely processed by the breached company.

Although the emails sent to those affected did not recommend any course of action for those impacted by the breach, it would be advisable to at least contact your banking provider for a new card if you know your details were compromised this past month.