Discord experienced a significant data breach originating from a third-party vendor (initially suspected to be 5CA, though later disputed) used for age verification. The breach exposed approximately **70,000 users'** government-issued ID photos (driver’s licenses/passports), alongside personal data such as **names, usernames, emails, IP addresses, and partial credit card details (last four digits)**. Hackers claimed to have stolen **1.5TB of data (2.1M images)**, though Discord refuted the scale, calling it an **extortion attempt**. The vendor (5CA) denied involvement, suggesting **human error** as a possible cause. Discord terminated operations with the affected vendor, engaged law enforcement, and notified impacted users. The leaked data poses risks of **identity theft, phishing, and fraud**, though no ransomware was involved. The breach did not affect Discord’s core systems but stemmed from a compromised support infrastructure (Zendesk).
Source: https://knowtechie.com/discord-data-breach-exposed/
TPRM report: https://www.rankiteo.com/company/discord
"id": "dis4392643101625",
"linkid": "discord",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '~70,000 (claimed by Discord; '
                                              '2.18M images disputed)',
                        'industry': 'Communication/Social Platform',
                        'location': 'Global (HQ: San Francisco, USA)',
                        'name': 'Discord',
                        'type': 'Technology Company'},
                       {'industry': 'Outsourcing/Business Process',
                        'name': '5CA (disputed involvement)',
                        'type': 'Customer Support Vendor'}],
 'attack_vector': ['Third-Party Vendor Exploit (disputed)',
                   'Human Error (claimed by 5CA)'],
 'customer_advisories': ['Direct notifications to affected users'],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Image files (JPEG/PNG, etc.)',
                                        'Potentially text logs (emails, IPs)'],
                 'number_of_records_exposed': '2,185,151 images (disputed); '
                                              '~70,000 users (Discord '
                                              'estimate)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (government IDs, PII)',
                 'type_of_data_compromised': ['Government-issued ID photos',
                                              'PII (names, usernames, emails, '
                                              'IP addresses)',
                                              'Partial payment data (last four '
                                              'digits of credit cards)']},
 'date_publicly_disclosed': '2025-10-08',
 'description': 'A hacker collective (vx-underground) claimed to have stolen '
                '1.5TB of age verification photos (2.18 million images) from '
                "Discord's third-party customer service vendor (initially "
                'suspected to be Zendesk, later disputed by 5CA). The breach '
                'exposed government-issued ID photos (e.g., driver’s licenses, '
                'passports) of ~70,000 Discord users, along with personal data '
                'like names, usernames, emails, IP addresses, and partial '
                'credit card numbers. Discord denied a direct breach of its '
                'systems, while 5CA denied involvement, citing human error as '
                'a potential cause. The incident is under investigation, with '
                'Discord collaborating with law enforcement and cybersecurity '
                'experts.',
 'impact': {'brand_reputation_impact': ['Potential trust erosion due to '
                                        'exposure of sensitive ID photos'],
            'data_compromised': ['Government ID photos (driver’s licenses, '
                                 'passports)',
                                 'Names',
                                 'Usernames',
                                 'Email addresses',
                                 'IP addresses',
                                 'Last four digits of credit cards'],
            'identity_theft_risk': ['High (exposed government IDs)'],
            'operational_impact': ['Vendor relationship termination',
                                   'Forensic investigation',
                                   'User notifications'],
            'payment_information_risk': ['Partial (last four digits of credit '
                                         'cards)'],
            'systems_affected': ['Third-party customer service vendor '
                                 '(Zendesk/5CA, disputed)']},
 'initial_access_broker': {'high_value_targets': ['Age verification data '
                                                  '(government IDs)']},
 'investigation_status': 'Ongoing (forensic analysis by Discord, 5CA, and '
                         'cybersecurity experts)',
 'motivation': ['Extortion', 'Data Theft', 'Publicity'],
 'post_incident_analysis': {'root_causes': ['Third-party vendor compromise '
                                            '(disputed)',
                                            'Potential human error (claimed by '
                                            '5CA)']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Avoid sharing government IDs online unless absolutely '
                     'necessary',
                     'Strengthen third-party vendor security audits',
                     'Implement stricter data minimization practices for age '
                     'verification'],
 'references': [{'date_accessed': '2025-10-08', 'source': 'The Verge'},
                {'date_accessed': '2025-10-08',
                 'source': 'vx-underground (Twitter/X)'}],
 'response': {'communication_strategy': ['Public statements via The Verge',
                                         'Direct user notifications'],
              'containment_measures': ['Terminated operations with affected '
                                       'vendor'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Forensic investigation',
                                       'User notifications'],
              'third_party_assistance': ['Cybersecurity experts',
                                         'Ethical hackers (claimed by 5CA)']},
 'stakeholder_advisories': ['Discord spokesperson Nu Wexler’s statements to '
                            'The Verge'],
 'threat_actor': 'vx-underground (hacker collective)',
 'title': 'Discord Third-Party Vendor Data Breach (2025)',
 'type': ['Data Breach', 'Extortion Attempt', 'Third-Party Vendor Compromise']}