Benny Morgan
Karla Spencer
Key Takeaway: Discord Data Breach – Discord’s third-party age verification vendor 5CA was hacked, exposing 70,000 government identification documents despite company’s security measures.
Massive Data Breach Targets Age Verification System
Discord, the popular messaging platform with over 200 million users worldwide, has confirmed that government-issued identification photos belonging to approximately 70,000 users were compromised in a cyberattack targeting one of its third-party service providers.
The breach, which occurred on September 20, 2025, did not directly impact Discord’s internal systems but instead exploited vulnerabilities in the customer support infrastructure managed by 5CA, a company contracted to handle age verification appeals. The incident lasted 58 hours, during which cybercriminals gained unauthorized access to sensitive user data submitted for age-related account appeals.
According to Discord’s official statement, the exposed information includes names, Discord usernames, email addresses, limited billing information such as payment types and the last four digits of credit cards, IP addresses, messages exchanged with customer support agents, and most critically, government identification images including driver’s licenses and passports.
Attackers Demand Millions in Ransom, Discord Refuses to Pay
The cybercriminal group known as Scattered Lapsus$ Hunters claimed responsibility for the attack and attempted to extort Discord for financial gain. The hackers initially demanded $5 million, later reducing their ransom demand to $3.5 million when Discord refused to negotiate.
Security researchers report that the attackers claim to have stolen significantly more data than Discord acknowledges, alleging they obtained 1.5 terabytes of information including over 2.1 million government ID photos. However, Discord firmly disputes these inflated figures, characterizing them as part of the extortion scheme designed to pressure the company into paying.
“We will not reward those responsible for their illegal actions,” Discord stated in its official response, emphasizing the company’s refusal to capitulate to the hackers’ demands.
The attackers gained access by compromising the account credentials of a support agent employed through an outsourced business process provider, highlighting the risks associated with third-party vendor relationships in customer service operations.
Discord’s Immediate Response and Security Measures
Upon discovering the breach, Discord implemented immediate containment measures to limit further damage. The company revoked 5CA’s access to its ticketing system, effectively terminating the vendor relationship and preventing additional unauthorized access.
Discord engaged a leading computer forensics firm to support investigation and remediation efforts while simultaneously notifying relevant data protection authorities and law enforcement agencies. The company has been transparent about the incident’s scope, providing regular updates to users and the public through official press releases.
All affected users are being contacted directly via email from Discord’s verified address (noreply@discord.com), with the company warning users to be vigilant against potential phishing attempts that often follow major data breaches. Discord emphasized it will only communicate about this incident through official email channels and will not contact users by phone.
Age Verification Requirements Drive Data Collection Risks
The compromise of government identification documents highlights the growing security risks associated with mandatory age verification systems being implemented across digital platforms. Discord’s age verification process was established to comply with regulatory requirements, including the UK’s Online Safety Act and the EU’s Digital Services Act.
Users flagged by Discord’s automated moderation systems as potentially underage were required to submit government-issued identification documents for manual review by 5CA’s verification specialists. This process, while necessary for regulatory compliance, created a concentrated repository of sensitive personal identification documents that became an attractive target for cybercriminals.
The timing of this breach is particularly concerning, as it represents one of the first major cyberattacks specifically targeting age verification infrastructure since such systems became mandatory in multiple jurisdictions. Privacy advocates have long warned about the risks of requiring users to submit government identification documents to private companies, citing both data security concerns and the potential for identity theft.
Other Related Post form securedetectives.com
- Spynger Review 2026: Best Monitoring App for Android & iPhone?
- ClevGuard Review – Kidsguard Pro Phone Monitoring Tools
- Hackers Steal $2.7B Crypto in 2025: Record Year
- Cybersecurity Acquisitions Surpassed $84 Billion in 2025
- 5 Best Keylogger Apps in 2025 – Secure, Reliable & Powerful Monitoring Tools
Discord Data Breach: Latest Developments and Company Official Statement
Discord’s most recent update, published on October 9, 2025, specifically identified 5CA as the compromised third-party vendor, providing clarity after initial reports suggested the breach occurred through Zendesk infrastructure. The company emphasized that this was “not a breach of Discord, but rather a breach of a third party service provider, 5CA, that we used to support our customer service efforts”.
Discord confirmed that no full credit card numbers, CVV codes, passwords, authentication data, or user messages beyond customer support interactions were accessed during the incident. The company’s core messaging infrastructure and user authentication systems remained secure throughout the breach.
Past References and Similar Security Events
This incident marks the second significant third-party vendor security breach affecting Discord in recent years. In May 2023, Discord disclosed a similar data breach arising from the compromise of “a third-party customer service agent’s support ticket queue,” with reports suggesting that incident also involved Zendesk infrastructure.
The pattern of repeated third-party vendor vulnerabilities highlights a systemic challenge facing technology companies that rely on outsourced customer support operations. Industry experts note that while companies may maintain robust security controls for their primary systems, third-party vendors often represent the weakest link in the security chain.
The Scattered Lapsus$ Hunters group responsible for this attack represents a concerning evolution in cybercriminal collaboration. The group is a coalition of members from three notorious hacking organizations: Scattered Spider, LAPSUS$, and ShinyHunters. This consolidation of cybercriminal expertise has enabled more sophisticated and damaging attacks across multiple industry sectors.
Discord users who submitted identification documents for age verification should remain vigilant for signs of identity theft and monitor their credit reports for suspicious activity. The company continues to work with law enforcement agencies to investigate the incident and pursue legal action against the perpetrators.
Sources: Information for this article was compiled from Discord’s official press releases, cybersecurity research from multiple independent sources including SecurityWeek, BleepingComputer, and statements from affected users and security experts.
