In a significant data breach, hackers have stolen government IDs from approximately 70,000 Discord users. This theft occurred through a third-party service that Discord had engaged for managing user data. Such incidents raise alarms about the safety of sensitive information and the risks associated with digital identity verification.
Details of the Breach
Discord announced the compromise on a Wednesday, revealing that unauthorized individuals gained access to ID images of users who had contacted their Customer Support and Trust & Safety teams. These users were required to submit government-issued IDs, such as driver’s licenses, to verify their age.
Age Verification Process
- Discord requires users to prove their age if reported as underage.
- A photo ID or a selfie may be submitted for verification.
- The policy aims to ensure compliance with local age regulations.
This incident underscores the growing trend of online platforms demanding users provide personal identification. The stolen data poses a “substantial risk for identity theft,” as stated by Discord.
Response to the Incident
Upon discovering the breach, Discord severed the connection with the external vendor responsible for handling the data. The company is proactively contacting affected users through email notifications, which will originate from a designated address: noreply@discord.com. Notably, Discord has clarified that it will not reach out to users by phone regarding this issue.
The Broader Impact
The breach at Discord reflects a broader concern regarding identity theft risks associated with online services that require users to submit personal documents. Other platforms, such as Roblox, Steam, and Twitch, also demand similar verification processes.
Furthermore, legal frameworks in 19 US states, as well as countries like France and the UK, are increasingly pushing websites to implement age verification for users accessing adult content. While many sites have adapted, some continue to resist compliance, highlighting a challenging landscape for user privacy and data protection.
