Discord says 70,000 age-verification ID photos may have been leaked in recent security breach that also includes names, usernames, emails, credit cards, and IP addresses

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Email

Share this article

12

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the PC Gamer Newsletter

Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Every Friday

GamesRadar+

Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.

Signup +

Every Thursday

GTA 6 O'clock

Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.

Signup +

Every Friday

Knowledge

From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.

Signup +

Every Thursday

The Setup

Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.

Signup +

Every Wednesday

Switch 2 Spotlight

Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.

Signup +

Every Saturday

The Watchlist

Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.

Signup +

Once a month

SFX

Get sneak previews, exclusive competitions and details of special events each month!

Signup +

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

In a development that will come as no surprise to critics of age-verification legislation, Discord has just put a figure on its recent security breach in terms of the number of government photo IDs that have been compromised. And that figure is 70,000.

In a statement to The Verge, Discord clarified that its own security was not breached. Instead, it was a third-party supplier of customer support that was compromised.

More specifically, it was government photo ID used to review age-related appeals that was stolen. "This was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions," Discord said.

In recent months, businesses have been pushed to adopt government mandated verification measures, such as those outlined in the UK's Online Safety Act. The fact that photo IDs were leaked will be viewed as proof of the fundamentally misguided basis of most age-verification measures. However, as our own Jacob R recently pointed out, it doesn't have to be this way.

Firing over actual copies of your photo ID to all and sundry, including all manner of websites, messaging apps and gaming platforms is asking for trouble, even if those platforms ostensibly promise not to keep copies. A much better alternative would be age verification where you don't actually share personal data.

One such solution is known as Zero Knowledge Proofs (ZKP). It's a cryptographic technique for proving something is true or false without revealing any information. Jacob says ZKP has been used on blockchains and even debated as a tool for nuclear disarmament talks, "but in this context, they act as a guarantee that a user is over a certain age without providing any identifying information on said user."

Anyway, the Discord breach, or at least the breach suffered by its third-party service provider, also included further data including names, usernames, emails, the last four digits of credit cards, and IP addresses. So, it's a pretty comprehensive mess.

While Discord isn't directly responsible for the breach, it does get to choose if it hands over responsibility for such sensitive work to third parties for some tasks and who those third parties are.

In response, Discord has said, "all affected users globally have been contacted and we continue to work closely with law enforcement, data protection authorities, and external security experts. We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause."

But that won't be much comfort to anyone who has had their government ID, name, username, email, the last four digits of their credit card, and their IP address stolen by bad actors. Here's hoping ZKP or something very much like it becomes the norm sooner rather than later.

Best PC gaming kit 2025

1. Best gaming chair: Secretlab Titan Evo

2. Best gaming desk: Secretlab Magnus Pro XL

3. Best gaming headset: HyperX Cloud Alpha

4. Best gaming keyboard: Asus ROG Strix Scope II 96 Wireless

5. Best gaming mouse: Razer DeathAdder V3 HyperSpeed

6. Best PC controller: Xbox Wireless Controller

7. Best steering wheel: Logitech G Pro Racing Wheel

8. Best microphone: Shure MV6 USB Gaming Microphone

9. Best webcam: Elgato Facecam MK.2

👉Check out our list of guides👈