Age Verification Hacking Firm Possibly Exposes ID Photos of Discord Users | Social Media

Photos of government IDs belonging to approximately 70,000 global Discord users, a widely used messaging and chat application amongst gamers, might have been exposed following a breach at the firm responsible for conducting age verification procedures.

Along with the ID photos, details such as users’ names, email addresses, other contact information, IP addresses, and interactions with Discord customer support could also have fallen prey to the hackers. The attacker is reportedly demanding a ransom from the company. Fortunately, full credit card information or passwords were not compromised.

The incident was disclosed last week, but news of the potential ID photo leak came to light on Wednesday. A representative from the UK’s Information Commissioner’s Office, which oversees data breaches, stated: “We have received a report from Discord and are assessing the information provided.”

The images in question were submitted by users appealing age-related bans via Discord’s customer service contractors, which is a platform that allows users to communicate through text, voice, and video chat for over a decade.


Some nations, including the UK, mandate age verification for social media and messaging services to protect children. This measure has been in effect in the UK since July under the Online Safety Act. Cybersecurity professionals have cautioned about the potential vulnerability of age verification providers, which may require sensitive government-issued IDs, to hackers aware of the troves of sensitive information.

Discord released a statement acknowledging: “We have recently been made aware of an incident wherein an unauthorized individual accessed one of Discord’s third-party customer service providers. This individual obtained information from a limited number of users who reached out to Discord through our customer support and trust and safety teams… We have identified around 70,000 users with affected accounts globally whose government ID photos might have been disclosed. Our vendors utilized those photos for evaluating age-related appeals.”

Discord requires users seeking to validate their age to upload a photo of their ID along with their Discord username to return to the platform.

Nathan Webb, a principal consultant at the British digital security firm Acumen Cyber, remarked that the breach is “very concerning.”

Skip past newsletter promotions

“Even if age verification is outsourced, organizations must still ensure the proper handling of that data,” he emphasized. “It is crucial for companies to understand that delegating certain functions does not relieve them of their obligation to uphold data protection and security standards.”

Source: www.theguardian.com

Leaked Age Verification IDs from Discord Data Breaches | Gaming News

Discord, the popular video game chat platform, has informed users about a data breach that has potentially compromised the personal information required for age verification.

Last week, the company reported that unauthorized individuals accessed one of Discord’s third-party customer service providers, impacting “a limited number of users” who interacted with customer service or the trust and safety teams.

Compromised data could encompass usernames, email addresses, billing details, the last four digits of credit card numbers, IP addresses, and messages exchanged with customer support.

According to Discord, the alleged attackers “gained access to a small number of government ID images (e.g., driver’s licenses, passports, etc.) from users who submitted appeals regarding their age verification.

The affected users were informed as of last week.

“If any ID is accessed, it will be explicitly mentioned in the email you receive,” Discord stated.

The support system was reportedly exploited to retrieve user data in an attempt to extort a financial ransom from Discord, the company clarified.

Discord mentioned that the third-party provider has since revoked access to the ticketing system and has initiated an internal investigation in collaboration with law enforcement.

Users who received the notification indicated that the attack likely occurred on September 20th.

With over 200 million active users each month, Discord continues to grow.

Earlier this year, Discord began verifying user ages in the UK and Australia using facial age verification tools. The company stated that age verification face and ID images are “deleted immediately afterwards,” but according to their website, users can reach out to the trust and safety team for a manual review if verification fails.

Under the upcoming social media ban for users under 16, effective December 10, the Australian government specified that platforms like Discord will have various ways to verify user ages and hopes to address unfavorable decisions swiftly.

As part of the age verification scheme, the platform can request an ID document, though it is not the sole method of age verification available under their policy.

Australia’s Privacy Committee has confirmed that it has been notified of the breach involving Discord.

Discord has been contacted for further comments.

Source: www.theguardian.com

Jason Citron Steps Down as CEO of Social Chat App Discord

Jason Citron, co-founder of popular social chat app Discord, resigned as the company’s chief executive on Wednesday.

Citron said in a statement that the new CEO is Humam Sakhnini, a 15-year veteran of the video game industry. Sakhnini was previously vice-president of Activision, the game publisher behind titles such as Call of Duty and Candy Crush.

Discord was released as early as this year and is valued at around $15 billion by private investors in 2021. The app is particularly popular among gamers, with over 200 million users.

Citron will remain on the company’s board of directors and will become Sakinini’s advisor, he said in a statement. Sakhnini helped oversee Activision when Microsoft bought it for $69 billion in 2023 and resigned from the company shortly after the acquisition.

in Interview Using VentureBeat, a game publication that previously reported on management changes, Citron said he was “a more builder, an early stage guy” and “hiring someone like Humam is a step in that direction.”

Discord was founded in 2015 by Citron and Stanislav Vishnevskiy.

The company grew over the years and gained particularly popularity during the pandemic, when interest in video games reached its peak. In 2021, Discord discussed acquisitions in the $10 billion range with Microsoft, but no deals were made.

Last year, Citron testified at an online congressional hearing on child safety, where the senator grilled him and Chief Executives of Meta, Tiktok and X on safe lapses on social media platforms.

Discord makes money primarily from premium subscription services, but in recent years it has expanded its advertising by people using the app and revenue from so-called microtransactions.

Source: www.nytimes.com