Hackers may have compromised the government ID photos of approximately 70,000 users on Discord, as the popular chat platform revealed in a statement on Wednesday evening. The breach specifically impacted individuals who had interacted with Discord’s customer support or trust and safety teams for age verification purposes. In light of the incident, the company is notifying those whose information was accessed through email.
As a part of its age verification process, Discord requires users to prove their adulthood, necessitating the upload of government-issued identification such as driver’s licenses or passports. The company clarified that it was not directly hacked in this incident; rather, the breach resulted from the compromise of one of its third-party vendors. Discord stated that there was no breach of user messages or activities, and it is cooperating with law enforcement as investigations proceed.
However, Discord refrained from elaborating on which third-party vendor was responsible for the data breach. In a related development, a Telegram channel emerged on Tuesday, wherein individuals claiming to be involved in the hacking incident shared various files they purportedly obtained. This included a database featuring names, email addresses, cities, and redacted phone numbers of approximately 1,000 users. Additionally, over 100 images were posted, depicting users holding their government IDs, allegedly taken as part of the verification process. NBC News has not independently confirmed whether the information is indeed associated with Discord.
Concerns regarding privacy and the risks linked to online age verification systems have been raised by advocates. They argue that users frequently have no way of knowing how their sensitive information, including government ID images, will be safeguarded by companies. Maddie Daly, assistant director of federal affairs at the Electronic Frontier Foundation, highlighted that this breach exemplifies the dangers of such verification processes. She noted, “Age verification systems are surveillance systems,” emphasizing that individuals who share personal information online remain uncertain about the retention and potential misuse of their data, heightening their exposure to data breaches and other security threats.
This incident follows a trend of similar breaches targeting apps that collect sensitive identification photos for verification purposes. Notably, in July, the Tea app experienced a security issue that resulted in the exposure of 72,000 images. The Tea app, designed to create a secure environment for women to discuss their experiences with men, also required users to upload self-photos for gender verification, underlining a growing concern over how such data is handled and protected.
