UPDATE (1:21 p.m., CST; 10.14.2025): Discord released updated information regarding the breach on Oct. 9. AVN was made aware of this information after this report was published. According to the company, the data breach involving a third-party vendor exposed age verification documentation, including government identification cards.
This breach resulted from errors by a European customer experience vendor, 5CA, which outsources functions to customer service agents in countries like the Philippines. K-ID is Discord's primary age verification vendor, but they indicated that they had no role in the data loss with their standard age verification processes.
SAN FRANCISCO—The parent company of Discord, the instant messaging and social platform popular among gamers and internet subcultures, disclosed that one of its third-party vendors suffered a hacking incident that exposed the records of some 70,000 users, including photos on government-issued identification cards.
The vendor was contracted with Discord to verify user ages and process age-related appeals.
The vendor, which remains unnamed at this point, was allegedly breached through the exploitation of a Zendesk instance attempting to extort both Discord and the vendor. Initial reports of the data breach highlighted the loss of 1.5 terabytes of age verification-related photos, totalling nearly 2.2 million images.
A statement issued by a Discord spokesperson to The Verge notes that this wasn't a breach of its in-house systems. Instead, the attack was targeted at a "third-party service we use to support our customer service efforts." The same spokesperson said that the breach itself was not as expansive as reported and approximately 70,000 users are impacted "that may have had government-ID photos exposed, which our vendor used to review age-related appeals."
"All affected users globally have been contacted, and we continue to work closely with law enforcement, data protection authorities, and external security experts," the spokesperson added. "We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause."
Discord disclosed in an announcement last week that additional information—including names, usernames, emails, the last four digits of credit cards, and IP addresses—was also exposed in the data breach.
Though ubiquitous with video game culture and other subcultures on the internet, Discord is also now growing in popularity among adult content creators for fan engagement and community cultivation, including organizing among sex workers active on the digital space.
Discord also allows users over the age of 18 to share and access sexual content.
