Discord says that hackers made off with images of 70,000 users’ government IDs that they were required to provide in order to use the site.
Like an increasing number of sites, Discord requires certain users to provide a photo or scan of their driver’s license or other government ID that shows they meet the minimum age requirements in their country. In some cases, Discord allows users to prove their age by providing a selfie that shows their faces (it’s not clear how a face proves someone’s age, but there you go). The social media site imposes these requirements on users who are reported by other users to be under the minimum age for the country they’re connecting from.
“A substantial risk for identity theft”
On Wednesday, Discord said that ID images of roughly 70,000 users “may have had government-ID photos exposed” in a recent breach of a third-party service Discord entrusted to manage the data. The affected users had communicated with Discord’s Customer Support or Trust & Safety teams and subsequently submitted the IDs in reviews of age-related appeals.
“Recently, we discovered an incident where an unauthorized party compromised one of Discord’s third-party customer service providers,” the company said Wednesday. “The unauthorized party then gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.”
Discord cut off the unnamed vendor’s access to its ticketing system after learning of the breach. The company is now in the process of emailing affected users. Notifications will come from noreply @ discord.com. Discord said it won’t contact any affected users by phone.
The data breach is a sign of things to come as more and more sites require users to turn over their official IDs as a condition of using their services. Besides, Discord, Roblox, Steam, and Twitch have also required at least some of their users to submit photo IDs. Laws passed in 19 US states, France, the UK, and elsewhere now require porn sites to verify visitors are of legal age to view adult content. Many sites have complied, but not all.
