Never Provide Your ID Online Because of This

If you have provided Discord with your ID for age verification or other purposes, you should be concerned.

The highly popular chat service experienced a significant data breach, attributed to a third-party supplier, in early October 2025, and has disclosed that a minimum of 70,000 customers had their government ID images compromised and disseminated online. Furthermore, the potential for additional revelations from the hacker's extensive cache continues to pose a significant threat to Discord users.

Your personal information has been leaked once more

On October 3, 2025, Discord said that a breach occurred in its third-party customer service, Zendesk, associated with its chat platform, compromising the data of several users, but no exact figure was disclosed at that time.

The data comprised names, Discord usernames, email addresses, IP addresses, communications with customer agents, and restricted billing information. The amalgamation is suboptimal and may have considerable consequences if integrated with data from previous breaches (not attributable to Discord, yet the issue is evident).

The disclosure article also asserted that a "limited number of government-issued identification images" were obtained, however it did not specify a quantity.

According to the BBC, the official statistic is now recorded at "approximately 70,000" users, indicating a substantial number of individuals who have their official identification linked to all other information.

As reported by 404 Media, the hackers expressed dissatisfaction with Discord's assertion regarding the quantity of IDs and the extent of data compromised. The hackers disclosed in their Telegram group that they own 1.5 gigabytes of user data.

What actions may you take if your identification was compromised in the Discord breach?

Regrettably, there is no possibility of retracting your ID. If you are among those impacted, I highly recommend that you engage in dark web surveillance and explore methods to secure your online accounts following a breach.

I recommend that you contact the credit reporting agencies to impose a freeze on any new credit accounts and warn them that your personal information, including identification, was compromised in this breach.

Utilizing identification for age verification is likely to result in significant complications

This marks the inception of a profoundly detrimental situation for all internet users. It is also an occurrence anticipated by anyone with a cursory interest in technology, privacy, and even a rudimentary understanding of data breaches. It seems inevitable that this will occur again, considering the increasing number of services mandated to utilize government identification for verification purposes.

Recent modifications in the UK and throughout the EU have resulted in an unprecedented collection of government IDs globally. In numerous instances, access to adult content is sought, while in others, the service has unfortunately drawn governmental inquiry. Numerous large companies, aiming to maintain service for clients in those nations, have diligently commenced utilizing identification for verification; nonetheless, this presents significant challenges for the websites and an ideal opportunity for attackers.

However, before to expressing relief, it is important to note that this breach extends beyond merely UK and European identifications. The hackers' Telegram channel disseminated photos of US and Canadian identification documents and detailed methods for correlating information to establish connections between services.

In a case reported by 404 Media, the hackers disclosed a user's Coinbase email address, Discord Nitro payment details, a complete phone number, the IP address, and further information. All indications suggest a broader scenario: with official identification and the compromised data, 70,000 individuals are poised to experience significant distress.

The essence of the issue lies within. Submitting a digital ID to any site is never justified by the security compromise, whether mandated by the government or otherwise. As age verification laws are now implemented in over half of the states, an increasing number of individuals are compelled to relinquish valuable data with minimal understanding of security, storage, data protection, or the process for its removal.

As the internet appears to be progressing unidirectionally, this issue will persist, leaving billions of users with no options other than to acquiesce and trust that these sites maintain their security.