Discord has confirmed a data breach that may have exposed sensitive information from about 70,000 users. The incident resulted from a security compromise at a third-party service provider that handles the platform’s age verification appeals.
When Discord suspects a user might be underage or when local laws require age confirmation, the platform asks for a selfie with a government-issued ID and the user’s Discord username. This information helps the Trust & Safety team verify identity and eligibility.
According to Discord, the exposed data may include ID photos, selfies, and IP addresses, which can reveal general locations. The company says it has already notified affected users.
The situation might be more serious than initially reported. Hackers told 404 Media they obtained around 1.5 terabytes of data, suggesting the leak could be larger. A Discord spokesperson told The Verge that these claims are “incorrect” and part of an attempt to extort the company.
The incident highlights growing privacy concerns over age verification systems. Digital rights advocates argue that mandatory ID uploads create unnecessary risks by turning sensitive personal information into attractive targets for cybercriminals.
Age verification laws are already active in about half of U.S. states, mainly affecting adult content websites. Some platforms, including Pornhub, have chosen to block users in those regions instead of collecting ID data.
In the U.K., the recently introduced Online Safety Act goes even further, requiring major platforms like YouTube, Spotify, Google, X, and Reddit to verify users’ ages. Critics say the Discord breach shows how such laws can unintentionally put user privacy at risk.
