A hack impacting Discord’s age verification process shows in stark terms the risk of tech companies collecting users’ ID documents. Now the hackers are posting peoples’ IDs and other sensitive information online.
A catastrophic data breach at Discord’s third-party vendor Zendesk has exposed sensitive user information, including ID documents and selfies uploaded for age verification[1][2]. At least 70,000 people were impacted by the breach, with hackers leaking users’ driver’s licenses, approximate locations, real names, and emails[2:1].
The hackers are attempting to extort Discord and have already shared leaked selfies of users posing with their IDs in a Telegram group, along with a spreadsheet containing detailed information on a thousand users[2:2].
This breach validates critics’ concerns about tech companies collecting sensitive identity documents, particularly in light of recent age verification requirements in countries like the UK[2:3]. As one security expert notes in Gadgeteer, “a password is easy to change, but an ID document is often a nightmare to change, and the ID number anyway stays the same”[3].
Discord says it is working with affected users and authorities but won’t give in to the hackers’ demands[2:4].
(Fucking paywall article)
Summary
A catastrophic data breach at Discord’s third-party vendor Zendesk has exposed sensitive user information, including ID documents and selfies uploaded for age verification[1][2]. At least 70,000 people were impacted by the breach, with hackers leaking users’ driver’s licenses, approximate locations, real names, and emails[2:1].
The hackers are attempting to extort Discord and have already shared leaked selfies of users posing with their IDs in a Telegram group, along with a spreadsheet containing detailed information on a thousand users[2:2].
This breach validates critics’ concerns about tech companies collecting sensitive identity documents, particularly in light of recent age verification requirements in countries like the UK[2:3]. As one security expert notes in Gadgeteer, “a password is easy to change, but an ID document is often a nightmare to change, and the ID number anyway stays the same”[3].
Discord says it is working with affected users and authorities but won’t give in to the hackers’ demands[2:4].
404 Media - The Discord Hack is Every User’s Worst Nightmare ↩︎
The Flagship Eclipse - Discord Suffers Major Hack Making Users’ Worst Nightmare Come True ↩︎ ↩︎ ↩︎ ↩︎ ↩︎
Gadgeteer - The Discord Hack is Every User’s Worst Nightmare — Why Uploaded IDs are a Problem ↩︎