The social media platform suffered a data breach affecting over 70,000 users on September 20th 2025.

The leak sprung from malicious actors gaining unauthorized access to Discord's third-party customer support system.

There, an agent's account was compromised for 58 total hours, resulting in an estimated 1.5TB of data being stolen.

Discord severely underestimated the total number of affected users, with the real count being closer to 5.5 million unique accounts.

Contrary to popular rumors, it was not Discord's own servers that were jeopardized, but only a south-east Asian support center, after a significant bribe to one of the employees.

As for the data itself, a significant 2.1 million government ids were obtained by the attackers.

Along with that, over 1.5 terabytes of names, emails, limited billing information and IP addresses were stolen.

The unauthorized party however was not able to obtain any messages or authentication data (such as passwords) as part of their breach.

The United Kingdom's new Online Safety Act, as well as EU's Digital Services Act force Discord to verify each user's age through a third-party agency called 5CA.

So, if you are not a British or EU citizen, then you are in no immediate danger, but it is never a bad idea to update your passwords.