Discord has confirmed that hackers gained access to user information through a third-party customer service provider, not through Discord’s own systems. The company said on 3 October that one of its external vendors, 5CA, was compromised in what appeared to be an extortion attempt.
Around 70,000 users around the world may have had copies of their government ID photos exposed. The vendor had collected those IDs to verify ages for people appealing account restrictions. The hackers also accessed names, emails, IP addresses, parts of payment details and chat records between users and customer service agents.
Discord reacted quickly after spotting the breach. It revoked 5CA’s access, brought in digital forensics experts and contacted law enforcement. It is now emailing affected users directly. The company said no one’s passwords, full credit card numbers or private Discord messages were touched.
Why Are Hackers Going After Age Checks?
What happened to Discord’s vendor fits into a pattern that’s been growing for months. More platforms are collecting ID data because governments are tightening rules on what young people can see online. But each new age verification database turns into a goldmine for hackers.
Aliya Bhatia from the Centre for Democracy and Technology said the breach “lays bare the privacy risks” of these systems. Even companies trying to use less invasive methods end up gathering ID images when people challenge automated decisions. Once those IDs are in storage, they’re a target.
The Electronic Frontier Foundation has warned that online age checks are nothing like showing an ID card at a shop. Once a copy exists online, it’s permanent and easily misused. Without strong privacy laws, those databases can become surveillance tools or be sold on. In short, a rule meant to protect children often ends up exposing everyone else.
More from News
- US Government Shutdown Reveals IPO Loophole
- Why Are Companies Spending More On AI Content When People Don’t Like It?
- Revolut CEO Announces He Is Moving To Dubai: Is The UK Losing Too Many Millionaires?
- World Mental Health Day: How The UK Government Is Investing Into Mental Health
- Experts Share: How The Rise Of Ads Impacts The Quality Of Online Platforms
- Can AI Really Help UK Small Businesses Get Their Time Back?
- UK Unicorn Revolut and AI Company Anthropic Eye Up India
- How Is Artificial Intelligence Changing UK Policing?
What Does This Say About Privacy Laws?
Age verification laws are being introduced faster than governments can agree on how to keep that data safe. The result is a mess of rules that force companies to collect personal details without an actual limit on how that information should be handled.
Tom McBrien from the Electronic Privacy Information Centre said there are safer ways to prove age online, like using credit card ownership or trusted digital tokens. He mentioned how when laws make ID uploads mandatory, they should also force companies to follow strict data security rules, with fines when they fail.
He added that a strong federal privacy law could fix many of these problems through “data minimisation”, meaning firms would have to collect less in the first place. But since Congress hasn’t passed such a law, each platform has been left to build its own version of compliance. That means millions of ID photos sitting in scattered systems, all vulnerable in their own way.
What Will Discord Be Doing?
Discord said it’s tightening security checks for all its external providers and working with law enforcement to trace the breach. The company warned users to ignore suspicious messages and confirmed that any contact about the incident will come from “[email protected].”
For those affected, the leak should be showing us all, just how fragile online privacy has become. Many people hand over IDs to appeal false age bans, not expecting that data to be held by a contractor halfway across the world.
As Bhatia put it, the problem is bigger than one company. Every new ID requirement chips away at online anonymity, turning what used to be casual browsing into a data trail. The Discord case shows how trying to make the internet safer for children can end up making it less private for everyone else.
