Should you be thinking twice before providing your government-issued ID?
Approximately 70,000 Discord users’ government-issued ID is now in the hands of hackers as part of the infiltration of a Zendesk instance belonging to a third-party customer support company working for the comms platform.
A tweet from vx-underground claims that Discord is now being extorted over the data breach, with the group responsible claiming it has “1.5TB of age verification related photos. 2,185,151 photos.”
Speaking with The Verge, Discord said, “this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions.”
Discord has said it has notified those impacted by the data breach. It also said that data including a user’s name, Discord username, email, limited billing information, IP addresses, and “limited corporate data” may have also been obtained by hackers.
While, again, this is a breach of a third-party provider that was assisting Discord with “age-related appeals,” the company is now actively asking Australians to submit government-issued ID as part of an age-verification trial (that may become mandatory due to changes to Australia’s Online Safety Act).
As part of that trial, Discord itself said that “the information you provide is only used to confirm your age group, then it’s deleted.”
We’ve reached out to Discord to ask if data obtained by Discord third-party support is retained after related appeals, and what the company is doing to avoid security breaches such as this. Though, that said — they can’t forever. Keep that in mind when you’re throwing your government-issued ID at corporations.
This article may contain affiliate links, meaning we could earn a small commission if you click-through and make a purchase. Stevivor is an independent outlet and our journalism is in no way influenced by any advertiser or commercial initiative.
