This huge data breach is why I'll never provide my ID online

If you've ever given Discord your ID for age verification or otherwise, be worried.

The super-popular chat service suffered a major data breach (via a third-party supplier) in early October 2025 and has now revealed that at least 70,000 of its users had their government ID photographs stolen and leaked online. If that's not bad enough, there is still the prospect of more information to come from the hacker's enormous trove, leaving a data-breach dagger dangling over Discord users' heads.

Your personal data is leaked yet again

I'm tired

On October 3, 2025, Discord revealed that a third-party customer service, Zendesk, attached to its chat platform was breached, exposing the data of many of its users—no specific number was provided at the time.

The data included names, Discord usernames, and email addresses, IP addresses, messages with customer agents, and limited billing information. As a combination, it's not great and could have significant ramifications if pieced together with other data from other leaks (not Discord's fault, but you see the problem).

Its revelation post also claimed a "small number of government-ID images" were also accessed, but again, it didn't provide a figure.

But now, according to the BBC, that figure is officially noted at "around 70,000" users, which is a big old number of people who now have their official ID associated with all the other information.

According to 404 Media, the hackers had actually taken issue with Discord's statement on the number of IDs and the volume of data stolen. In its Telegram group, the hackers posted information detailing the true extent of the data, revealing that 1.5 terabytes of user data is now in its hands.

What can you do if your ID was exposed in the Discord breach?

Unfortunately, face-swap tech doesn't exist

Unfortunately, as far as retracting your ID goes, nothing at all. If you're one of the affected, I'd strongly suggest you implement both dark web monitoring and look at how to protect your online accounts after a breach.

I'd also advise you to head to the various credit reporting agencies and put a freeze on any new credit lines, and let them know that your information, along with ID, was leaked as part of this breach.

Using ID for age verification can only spell disaster

Time to stock up on VPNs

This is basically the start of something really horrendous for every internet user. It's also something anyone with a passing interest in technology, privacy, and even vague knowledge of data breaches knew would happen. Oh, and it is absolutely bound to happen again, given the number of services now being forced to use government IDs to verify services.

Recent changes in the UK and across the EU mean more government IDs than ever are being collected worldwide. In many cases, to access adult content, but in others, simply because the service has had the misfortune of attracting government scrutiny. As many large websites want to continue serving customers in those countries, they have dutifully begun using ID as verification, but it's a minefield for the websites and an absolute dream for any attackers.

But before you breathe a sigh of relief, it's far from just UK and European IDs breached in this hack. The hackers' Telegram group shared images of US and Canadian IDs, and elaborated on how it could link information together to connect the dots between services.

In one case shared with 404 Media, the hackers posted information about a user's Coinbase email address, with payments for Discord Nitro, a full phone number, the IP address, and more. It all points to the larger picture: with official ID and the stolen data, 70,000 people are about to have a really bad time.

That's the crux of the problem. Handing over a digital ID to any platform is never worth the security trade-off, government-mandated or not. With age verification laws now present in more than half of all states, more people than ever are being forced to hand over precious data with little knowledge about security, storage, data protection, or even how to have it removed.

And with the internet seemingly only going one way, this problem will continue to grow, leaving billions of internet users with little recourse other than to comply and hope these platforms remain secure.

When pigs fly, eh.