In October 2025, Discord suffered a data breach via a third-party vendor (5CA), exposing government-issued ID photos, email addresses, usernames, and partial billing details of approximately **70,000 users** globally. The breach stemmed from a vulnerability in 5CA’s systems, which handled Discord’s age-verification appeals under the UK’s **Online Safety Act (2025)**. Hackers exploited this weakness, leaked sensitive user data, and attempted extortion—though Discord refused to pay. While Discord’s core systems remained secure, the incident highlighted risks tied to outsourced data collection. Authorities, including the **UK’s Information Commissioner’s Office (ICO)**, were notified, and forensic investigations were launched. The breach underscored vulnerabilities in third-party dependencies and the broader implications of regulatory-driven data storage policies.
TPRM report: https://www.rankiteo.com/company/discord
```json
{
  "id": "dis3392533101025",
  "linkid": "discord",
  "type": "Breach",
  "date": "10/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
```
```json
{
  "affected_entities": [
    {
      "customers_affected": "70,000 (users with exposed government ID photos)",
      "industry": "Technology / Social Media",
      "location": "Global (HQ: San Francisco, USA)",
      "name": "Discord",
      "size": "200+ million users",
      "type": "Communication Platform"
    },
    {
      "industry": "Customer Support / Outsourcing",
      "name": "5CA",
      "type": "Third-Party Customer Service Vendor"
    }
  ],
  "attack_vector": "Exploitation of vulnerability in third-party vendor's (5CA) network",
  "customer_advisories": [
    "Check for emails from noreply@discord.com for exposure confirmation.",
    "Avoid suspicious links/messages; monitor bank accounts.",
    "Enable 2FA and change passwords for connected accounts."
  ],
  "data_breach": {
    "data_exfiltration": true,
    "file_types_exposed": [
      "Image files (ID photos)",
      "Text logs (chat transcripts)"
    ],
    "number_of_records_exposed": "70,000 (confirmed by Discord; hackers claimed 2 million as extortion tactic)",
    "personally_identifiable_information": true,
    "sensitivity_of_data": "High (government IDs, personal identifiers)",
    "type_of_data_compromised": [
      "Government-issued ID photos",
      "Usernames",
      "Email addresses",
      "Service chat logs",
      "Partial billing details"
    ]
  },
  "date_publicly_disclosed": "2025-10-03",
  "description": "Discord, a global communication platform with over 200 million users, confirmed a cyberattack that exposed official government ID photos of tens of thousands of users. The breach occurred via a third-party customer service vendor (5CA) handling age-verification appeals. The leaked data may include ID photos, partial billing details, email addresses, and private messages between users and support agents. Discord refused to pay the extortion demands.",
  "impact": {
    "brand_reputation_impact": "Potential reputational damage due to exposure of sensitive user data and association with UK's Online Safety Act",
    "data_compromised": [
      "Government-issued ID photos",
      "Usernames",
      "Email addresses",
      "Service chat logs",
      "Partial billing details"
    ],
    "identity_theft_risk": "High (due to exposure of government IDs and partial billing details)",
    "legal_liabilities": "Potential non-compliance with UK's Online Safety Act (2025); regulatory scrutiny by UK Information Commissioner's Office (ICO)",
    "operational_impact": "Revoked third-party vendor access; forensic investigation initiated",
    "payment_information_risk": "Low (Discord confirmed no full payment details were leaked)",
    "systems_affected": [
      "Third-party vendor (5CA) ticketing system"
    ]
  },
  "initial_access_broker": {
    "entry_point": "Third-party vendor (5CA) network vulnerability",
    "high_value_targets": [
      "Government ID photos",
      "User appeal chat logs"
    ]
  },
  "investigation_status": "Ongoing (forensic investigation in collaboration with law enforcement)",
  "lessons_learned": [
    "Third-party vendor risks can expose core platforms indirectly.",
    "Age-verification policies (e.g., UK's Online Safety Act) may increase data collection risks.",
    "Extortion attempts can follow high-profile breaches involving sensitive data."
  ],
  "motivation": "Financial extortion",
  "post_incident_analysis": {
    "corrective_actions": [
      "Terminated third-party vendor access.",
      "Enhanced user notifications and phishing warnings.",
      "Collaboration with regulators to address compliance gaps."
    ],
    "root_causes": [
      "Third-party vendor (5CA) security failure.",
      "Inadequate safeguards for sensitive age-verification data.",
      "Extortion-driven attack leveraging high-value data."
    ]
  },
  "ransomware": {
    "data_exfiltration": true,
    "ransom_demanded": true
  },
  "recommendations": [
    "Users: Monitor for phishing attempts, enable 2FA, and report suspicious activity.",
    "Platforms: Audit third-party vendor security practices, minimize sensitive data collection.",
    "Regulators: Reevaluate age-verification mandates to balance safety and data risks."
  ],
  "references": [
    { "source": "The Guardian" },
    { "source": "Discord Official Statement (3 October 2025)" },
    { "source": "Sky News (Rowland Manthorpe)" },
    { "source": "UK Information Commissioner's Office (ICO)" }
  ],
  "regulatory_compliance": {
    "regulations_violated": [
      "Potential violation of UK's Online Safety Act (2025) due to age-verification data handling"
    ],
    "regulatory_notifications": [
      "UK Information Commissioner's Office (ICO) notified and assessing the breach"
    ]
  },
  "response": {
    "communication_strategy": [
      "Official statements via Discord's platform",
      "Emails to affected users from noreply@discord.com",
      "Advisories on suspicious activity monitoring"
    ],
    "containment_measures": [
      "Revoked third-party vendor's access to ticketing system"
    ],
    "incident_response_plan_activated": true,
    "law_enforcement_notified": true,
    "remediation_measures": [
      "Forensic investigation",
      "Cooperation with law enforcement and regulators"
    ],
    "third_party_assistance": [
      "Forensic investigators",
      "Zendesk (confirmation of non-involvement)"
    ]
  },
  "stakeholder_advisories": [
    "Users notified via email (noreply@discord.com).",
    "UK ICO assessing the breach report.",
    "Cybersecurity experts warning of phishing risks."
  ],
  "title": "Discord Data Breach 2025",
  "type": [
    "Data Breach",
    "Third-Party Breach",
    "Extortion Attempt"
  ]
}
```