On Wednesday, Discord revealed that approximately 70,000 users may have had private information — such as images of their government-issued IDs — compromised after cybercriminals infiltrated a third-party service provider responsible for handling age verification appeals for the platform.
Discord users may submit an “age-related appeal” if the service suspects they are under the required age, or if they reside in regions mandating identity confirmation to use the platform. In these scenarios, individuals are instructed to provide a photo of themselves holding their government ID and Discord username to the Trust & Safety team.
Discord stated that it has reached out to those impacted, whose leaked information might also include their IP addresses, potentially identifying their general location.
404 Media, a news outlet, reported that the scale of the breach could be greater than what Discord has acknowledged. The attackers allege they obtained 1.5 terabytes of data, which could mean far more than 70,000 images were compromised. A Discord representative told The Verge that these statements are “inaccurate and part of a scheme to demand ransom.”
This incident involving Discord user data highlights the worries raised by digital rights advocates regarding the use of age verification to enhance online safety.
Laws requiring age verification, which force users to upload sensitive documents like the government IDs exposed in this incident, have been passed in roughly half of U.S. states, mainly targeting sites that feature adult content. Pornhub, a leading adult video platform, has chosen to block access from these states entirely rather than comply with age verification requirements.
The United Kingdom’s Online Safety Act, which became law in July, obligates a wider array of platforms — including YouTube, Spotify, Google, X, and Reddit — to confirm users’ ages.