Discord Says 70,000 Users May Have Had Their Government IDs Leaked In Breach (theverge.com)
- Reference: 0179718542
- News link: https://yro.slashdot.org/story/25/10/08/2259252/discord-says-70000-users-may-have-had-their-government-ids-leaked-in-breach
- Source link: https://www.theverge.com/news/797051/discord-government-ids-leaked-data-breach
> Discord has [1]identified approximately 70,000 users that [2]may have had their government ID photos exposed as part of a customer service data breach announced last week, spokesperson Nu Wexler tells The Verge. A [3]tweet by vx-underground said that the company was being extorted over a breach of its Zendesk instance by a group claiming to have "1.5TB of age verification related photos. 2,185,151 photos." In its announcement last week, Discord said that information like names, usernames, emails, the last four digits of credit cards, and IP addresses also may have been impacted by the breach.
"All affected users globally have been contacted and we continue to work closely with law enforcement, data protection authorities, and external security experts," said Wexler. "We've secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause."
[1] https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service
[2] https://www.theverge.com/news/797051/discord-government-ids-leaked-data-breach
[3] https://x.com/vxunderground/status/1975834621503062495
KYC bullshit (Score:2, Interesting)
This is EXACTLY why people fight against these stupid rules and laws like KYC, age verification, gun registration, etc. It's all theater that doesn't solve the real problems.
It only serves to support identity theft, extortion, invasion of privacy, and Rights violations. The criminals keep doing what they're doing because nothing changes for them. Lawmakers proving once again they're Grade-A greedy morons.
Re: (Score:2)
I'm glad we're grouping regulating deadly weapons in with Discord age checks. I'm sure conflating one of your favorite partisan issues with this is bound to get everyone on board with your point.
Re: (Score:1)
Gun registration is gun confiscation.
Age verification is Digital ID.
It's exactly the same process.
Re: (Score:2)
Except one is regulating deadly weapons and one isn't. Nice try though.
Retention (Score:3, Insightful)
Why are these data being retained?
Once the age verification check has been completed, the information should be discarded.
Re: (Score:3)
I would not be surprised if it is for something nefarious like the AI training fad or selling the information. And/or for providing the data to law enforcement at request.
Re:Retention (Score:4, Interesting)
I guess as proof of due diligence, oh the irony. This whole thing is a mess.
Re: (Score:2)
If the age verification confirmation is subject to audit in some countries they might be required to retain it.
Priceless. (Score:3)
They use third parties to verify personal information, sit on their hands when said third party gets hacked, and then force their users to agree to arbitration in the face of their staggering ineptitude. Glad I dumped those chumps a while ago.
Re: (Score:2)
The UK now requires them to check ID before allowing access to some content. For sites like Discord that effectively means everyone needs to present ID, because they don't want to control what people say on their site before publishing it.
Let's see how many UK users who verified their age are in there, and what the fallout is.
Why the blind trust in tech? (Score:4, Interesting)
Tech has become the ultimate con game!
It started off as a tool as trustable as a shovel. Want to move dirt? Use a shovel.
Want to put data in a database? Use this screen.
Now? Software and devices are shackles to your service provider.
Xhitter became toxic? Let's all go to Discord. They are for sure trustworthy.
They would never mine our data, raise rates, or ... uh oh... not secure our data.
FOR SURE!!
Why such blind trust?
Nobody seems to be able to see any of the downsides of software and services.
Any mention of the negatives is hand waved away, until this happens. This always happens.
Just because it's an option, does it mean you should take it?
Bullshit (Score:2)
"We take our responsibility to protect your personal data seriously" - Not if you are using third party vendors to save a buck. Such bullshit.
suitability (Score:4, Insightful)
Is a face photo really suitable for age verification? Can it reliably distinguish between an 18yo and a 19yo? Is it better than a photo of, say, the back of the hand?
What are the odds that these photos were not encrypted or even cropped to be just a thin strip of image instead of the full face?
Re: (Score:3)
> Is a face photo really suitable for age verification?
No, but for age verification, these photos will be of entire driving licences or passport pages, so they contain DoB and other data.
Who'd've thought that they'd be vague about what exactly the photos are of.
All According To Plan (Score:2)
Governments around the world would not wish for lawfully private data to fall into some AI database somewhere that is contracted to the same gov't, purely for writing assistance.
Re: (Score:2)
And in the U.S., the DOGE maggots have already siphoned off your SS data to Peter Thiel and Palantir.
For the record: UK only (Score:3)
According to Discord's own QA page:
Q: Is Discord introducing mandatory age verification or ID checks?
A: The United Kingdom's Online Safety Act ("OSA") introduces new responsibilities for online platforms to reduce safety risks and provide age-appropriate experiences for users, especially teens. In compliance with the UK OSA, all new and existing UK users will be assigned updated default settings.
These defaults include automatic content filtering (which is already enabled for teens everywhere) to reduce the likelihood that teens encounter certain types of potentially harmful content, as well as different social settings. UK users who wish to access content flagged by our filters or customize those settings can do so only after verifying that they are 18 or older through our new privacy-forward age verification experience.
Our new privacy-forward age verification experience is required in specific scenarios that meet the OSA's requirements, while building on our commitment to fostering genuine connections and a positive online experience. Check out our Safety Center article to learn more about why we are making these changes due to the UK OSA.
Age verification is currently only available to UK users. For more info, please visit our Help Center article.
Legal? (Score:2)
Why the heck would anyone give a target like Discord their government ID? I didn't even think it was legal for Discord to ask for it.
They deserve it (Score:2)
If you are ignorant enough to hand over a copy of your ID to a 3rd party, you deserve what's coming after.
There should be a central government-run ID verification system where the user identifies through the govt who already have your details but where the end system only gets a yay or nay response, without having access to your data.
3rd parties fundamentally cannot be trusted with your sensitive data.
Another issue here is that scanning your ID should never have been the means to prove your identity in the
ID Verification (Score:4, Insightful)
Who would have thought it would be a disaster?
Re: (Score:1)
It's supposed to be a disaster so then governments can say 'Oh dear, it was a disaster' and push for official Digital ID.
You need to learn to think like a burrowcrat.