70,000 Discord Users Had Their ID Photos Exposed - Here’s What Went Wrong

A hacker group calling itself Scattered Lapsus$ Hunters (SLH) has claimed responsibility for breaching Discord’s customer support systems. The attackers provided screenshots that allegedly showed internal support tools as proof and even threatened to release millions of files, including government ID images, unless Discord pays a ransom.

Discord has confirmed the incident but said it third-party customer service provider not its internal infrastructure. The company says that only users who interacted with its Customer Support or Trust & Safety teams were affected by the data breach.

Key takeaway: Even if your main account is secure, information shared during support interactions can still become exposed through external vendors.

What Discord Officially Confirmed

Discord explained in a press release that the breach originated from an external vendor used to handle customer inquiries.

“This was not a breach of Discord, but rather a third-party service we use to support our customer service efforts,” the company said.

The exposed data included users’ names, Discord usernames, email addresses, and messages exchanged with customer service. So far, nothing out of the ordinary.

Unfortunately, a small number of people — around 70,000 users globally, according to Discord — may have had images of government ID leaked.

The reason Discord had these documents at all was due to mandatory age-verification checks required in certain countries.

The silver lining is that Discord’s core systems were not affected:

“No passwords, authentication data, full credit card numbers, CVV codes, or in-app messages were accessed.”

The Breach and the Attackers’ Claims

According to BleepingComputer, the Scattered Lapsus$ Hunters hackers say they accessed Discord’s Zendesk instance for around 58 hours starting on Sept. 20, 2025.

They alleged that the attack was possible due to a compromised support-agent account linked to an outsourced business process provider, which means lost or stolen credentials are likely to blame.

The hackers also claim they stole 1.6 terabytes of data, including support tickets, partial payment data, and ID images. They demanded a $5 million ransom, and later reduced it to $3.5 million – a common tactic when organizations refuse to pay.

“We will not reward those responsible for their illegal actions,” explained Discord in the press release.

The company quickly revoked the vendor’s access, informed law enforcement, and began contacting potential victims via [email protected].

The Weakest Link in Security

As Bitdefender’s HotforSecurity analysis observed, this incident shows how third-party vendors can introduce risks even when a company keeps its own systems secure.

Attackers often target support or supply-chain partners, knowing that those partners might not have the best security or the best policies.

The compromised records included personal identifiers, partial billing data, and message histories – the kind of information users would want to remain confidential.

Bitdefender summarized the lesson clearly: “Third-party suppliers can be a weak link in your security chain.”

This wasn’t the first time Discord faced a similar problem. In March 2023, the company disclosed an earlier breach after a support agent’s account was compromised, exposing emails and attachments sent through support tickets.

How to Protect Yourself

Even if your Discord account wasn’t directly impacted by the breach, this latest incident is a reminder that everyone should take extra precautions.

Verify Official Communications

· Discord will not contact users by phone. Official updates only come from [email protected]. Treat any other communication as potentially fraudulent.

Strengthening Account Security

· Enable multi-factor authentication (MFA) using an authenticator app. Review connected apps and revoke any that look suspicious.

Be Alert for Phishing

· Cybercriminals may impersonate Discord Support to steal credentials. Avoid clicking on links in unsolicited emails or DMs referencing the breach.

Protect Your Identification Data

· If you’ve submitted ID documents for verification, you could be affected. While Discord says financial data wasn’t impacted, it’s still wise to monitor your credit reports and identity-monitoring alerts for unusual activity.

Keeping Your Identity Safe

Once your data leaves your control, recovery becomes difficult. Bitdefender’s Digital Identity Protection helps users stay proactive by:

• Scanning the dark web for stolen data linked to your email or phone number
• Alerting you to new breaches involving your personal information
• Blocking phishing sites impersonating support staff
• Offering actionable recovery steps in case of exposure

Learn more about how attackers exploit third-party vendors in our Bitdefender Threat Intelligence Report.

FAQ Cluster

Was Discord itself hacked?

No. Discord confirmed: “This was not a breach of Discord, but rather a third-party service we use to support our customer service efforts.”

How many users have been affected?

Approximately 70,000 users may have had government ID images exposed. The total number of users whose support data was compromised has not been disclosed, though the hackers claim it’s higher.

What information was exposed?

Support-related data such as names, emails, limited billing details, IP addresses, and customer-service messages. Passwords, in-app messages, and full payment details were not impacted.

Did Discord pay the ransom?

No. Discord stated: “We will not reward those responsible for their illegal actions.”

How can users protect themselves?

Enable MFA, watch out for phishing messages, and use Bitdefender Digital Identity Protection to monitor your data exposure online.