The messaging platform Discord has reported that hackers have stolen the official ID photos of approximately 70,000 users. The app, known for its popularity among gamers and teenagers, disclosed that the hackers targeted a third-party firm responsible for verifying the ages of Discord users. Discord clarified that its own platform was not compromised in the breach.
The stolen data may contain personal information, partial credit card numbers, and conversations with Discord’s customer service representatives. However, Discord assured that full credit card details, passwords, or any activities beyond interactions with customer support were not exposed. The company took immediate action by revoking the third-party service’s access and initiating an investigation. Discord also confirmed that all affected users have been notified.
In light of this incident, Discord advised impacted users to remain vigilant when receiving suspicious messages or communications. This breach highlighted the importance of age verification processes, which have become necessary due to the increasing governmental regulations on unsuitable content. Discord, with its vast user base of 200 million active users, had to implement age checks to comply with these regulations, similar to how shops verify age for alcohol purchases.
Although Discord’s age verification system itself was not compromised, the breach occurred through the appeals process, managed by a third-party provider. Users who were wrongly blocked from Discord could submit a photo ID to prove their age, leading to the hacking of over 70,000 IDs. The hackers’ claim of possessing 2,185,151 photos was refuted by Discord as an attempt to extort money.
To enhance the security of age verification processes, companies could consider not storing photo IDs, although this might impact the accuracy of checks. Advocates of digital IDs suggest using government-issued IDs to eliminate the need for sharing passport photos online. Ultimately, the best way to prevent data breaches is to avoid collecting sensitive information in the first place.
As the internet faces evolving security challenges, the incident with Discord raises questions about the effectiveness of government oversight. Will the measures intended to enhance online safety inadvertently compromise user security? This ongoing situation serves as a crucial test for the regulatory landscape of the digital world.
SOURCE