Discord Customer Service Data Breach Leaks User Info and Scanned Photo Ids
Mood: heated
Sentiment: negative
Category: other
Key topics
Discord's customer service data breach exposed user information and scanned photo IDs, sparking concerns about the company's handling of personal data and age verification processes.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussion
First comment: 1h
Peak period: 36 (Day 1)
Avg / period: 12.7
Based on 38 loaded comments
Key moments
- 01 Story posted: Oct 3, 2025 at 8:39 PM EDT (about 2 months ago)
- 02 First comment: Oct 3, 2025 at 10:05 PM EDT (1h after posting)
- 03 Peak activity: 36 comments in Day 1 (hottest window of the conversation)
- 04 Latest activity: Oct 8, 2025 at 1:46 PM EDT (about 2 months ago)
> The unauthorized party also gained access to a small number of government ID images (e.g., driver’s license, passport) from users who had appealed an age determination.
https://discord.com/press-releases/update-on-security-incide...
They intentionally chose NOT to disclose a date range or even how many ID tickets compared to standard tickets were leaked.
Users only upload their government ID to Discord when the "Face Scan" [0] incorrectly estimates their age as being less than 18. Discord could reasonably classify this as a "small number" of users who need to upload their government ID image. That wouldn't preclude it from also being every user who needs to upload their government ID image — unless there is some other system that also requires them to upload it?
With that in mind, here's a rephrasing of the same statement:
> The unauthorized party also gained access to all uploaded government ID images.
Their press release does NOT say it's a small subset of photo IDs. It says a "small number" of government ID images — nothing about percentages. This would be consistent with the "small number" of users who need/choose to appeal an incorrect age estimation from Face Scan.
[0] https://support.discord.com/hc/en-us/articles/30326565624343...
For example, if the face verification failed and you need to file an appeal which requires uploading government ID. That's likely a sizeable number of users, especially since the breach happened shortly after the requirement was implemented and many existing users had to do it.
(To say nothing of... does it matter the amount of IDs leaked?)
I hate what the internet is becoming through government and corporate policies
I don't think country has an impact. I've experienced it in both US and UK with extensive years spent in both.
On the one hand, it would be such an obvious proof of age that you've had the account for 21 years so why not pass you.
On the other, this would become a form of grandfathering such that all of us oldtimers and people in the establishment never directly see and experience the impact of these policies. It's mostly in the younger generations (still adults but their accounts may only be 5-10y) and people in exposed situations who get impacted.
So while it seems silly, at least the process becomes visible.
I understand moderation for obvious hate speech or violence (of course "obvious" means something different for everyone) but sex or fuck are normal words for normal adults.
Who wants to bet that this was the intended outcome all along?
It really is that simple.
In theory, infinite regulations would suggest that no one would be permitted to do anything eventually. However, before we reach that point, the cost of compliance will be so high that publishing websites will become untenable.
An equilibrium of regulatory capture favoring large publishers will likely emerge before this point. Those large interests will have the resources to influence regulatory outcomes. Their incentives will include maintaining a sufficiently high barrier to entry while optimizing their own compliance costs.
Some key facts Discord are maliciously intentionally withholding:
- (approx.) amount of affected users, seeing hundreds of comments on reddit + twitter
- tickets timespan, I personally have multiple support accounts, one has only one ticket from July which got the email
- affected ticket categories
- whether phone numbers were leaked (can lead to further attacks such as SIM swapping)
- whether addresses were leaked (they carefully use language "limited billing information" rather than stating the exact pieces)
https://x.com/vxunderground/status/1975834621503062495
Imagine a place…
I am no longer miffed :)