I recently learned, through a BBC report, that a company called 5CA, which helps Discord with customer support and handles appeals about user ages, experienced a security breach on September 20, 2025. It seems they were the ones who got hacked.
As an analyst, I’ve been following the recent Discord breach, which lasted just over two days – 58 hours to be exact. We believe the attack was carried out by three known hacking groups: Scattered Spider, LAPSUS$, and ShinyHunters. Discord officially confirmed the incident on October 2, 2025, reporting that approximately 70,000 users globally were impacted.
What data was exposed — and what wasn’t
From this breach, hackers managed to obtain several types of data, including:
- Government-issued IDs such as passports and driver’s licenses
- Emails, full names, usernames, and contact details
- Limited billing data, payment types used, last four digits of card numbers, and purchase history
- IP addresses, customer support messages, and internal training documentation
I’m relieved to report that sensitive information like full credit card numbers, security codes, passwords, and private messages remained secure during the incident. Thankfully, none of that was accessed.
At first, hackers said they stole over a million user IDs from Discord. However, Discord has since confirmed that the actual number of stolen IDs is closer to 70,000.
Although that figure remains important, the event highlights bigger issues with the increasing adoption of required age verification processes. In the UK, these checks are now common on numerous websites.
I’m concerned this method could lead young people to unsafe websites that don’t check ages, or encourage them to use VPNs to get around the rules.
Hackers’ ransom demands and Discord’s response
Hackers targeted Discord with a ransomware attack, first requesting $5 million, then lowering their demand to $3.5 million. Discord chose not to pay the ransom, and discussions with the hackers lasted from September 25th to October 2nd, 2025.
The company announced it won’t offer any benefits to those who committed illegal acts. Following this, Discord removed 5CA’s access, began looking into the matter internally, and informed the proper authorities.
If you might have been affected by a data issue, Discord has emailed anyone impacted. Check your inbox for a message from noreply@discord.com – especially if you’ve recently verified your ID.
Why this breach matters for age verification laws
This situation is likely to become more common as countries, like the UK, implement new online safety laws requiring users to prove their age. In the UK, the Online Safety Act fully took effect in July 2025, meaning many platforms now require age verification.
The issue involved Discord’s process for verifying the ages of users. When someone was flagged as being under 18, they were asked to provide a photo of their government-issued ID. These ID submissions weren’t handled by Discord directly, but by a separate company called 5CA.
Just because it’s a small difference doesn’t mean it’s not worrying. People are still very concerned about privacy, and that’s a major reason they don’t like being required to show ID. I’m happy to share my ID if I want to, but being forced to do so feels intrusive. As a UK user, that lack of control is really frustrating.
This appears to be the first significant attack targeting the systems used to verify people’s ages online, and it happened shortly after these systems were put in place. It’s a concerning sign of a potentially widespread issue. Fortunately, financial details weren’t stolen in this instance, but it makes you wonder how long it will take before they are. Even without a financial breach, the fact that hackers now have access to thousands of official IDs and IP addresses is extremely disturbing.
As of October 10, 2025, Discord continues to cooperate with law enforcement regarding a recent data breach. While the stolen information hasn’t been made public yet, the hackers are threatening to release it if their requests aren’t fulfilled.
I’ve shared my thoughts on how we’re moving towards a safer online world, and I’m curious to hear what everyone else thinks, especially if your views have changed since our last discussion. Is sacrificing some privacy a fair price to pay for increased online security? The idea is that this shift will ultimately protect users better, but it’s still uncertain whether companies like Discord can reliably keep that data safe.
Stay up-to-date with the latest from Windows Central by following us on Google News! You’ll get all our news, insights, and features right in your feed.
Read More
- Preview: Here’s Why Resident Evil Requiem’s Tension Is Off the Charts
- Top gainers and losers
- 12 Best Schools to Rebuild in College Football 26
- 99 Nights in the Forest codes: Full list of codes for September 2025
- Gold Rate Forecast
- You Need to Hear the Advice Rhea Raj Gave KATSEYE’s Lara
- Every Hulk Personality, Ranked by Importance
- Metal Gear Solid Delta Patch Promised, But No Mention of PS5 Performance Improvements
- Zombie Shooter Now 100% Free on Steam for the Next 48 Hours
- Berserk: 10 Best Studios For a New Anime
2025-10-10 17:13