Discord Data Breach Exposes Users' Sensitive Age IDs

Overview of the Discord Data Breach

Discord, the popular platform for gamers to chat and connect, has recently experienced a significant data breach that has raised concerns about user privacy and security. The incident, which was disclosed last week, involved the compromise of personal information belonging to some users, including sensitive identity documents required for age verification.

Details of the Breach

According to Discord, the breach occurred due to an unauthorized entity gaining access to one of its third-party customer service providers. This breach allowed access to a "limited number of users" who had interacted with Discord's customer service or trust and safety teams.

The data that may have been compromised includes:

• Usernames
• Email addresses
• Billing information
• Last four digits of credit card numbers
• IP addresses
• Messages exchanged with customer support

In a concerning revelation, Discord also mentioned that the alleged hacker managed to access images of government-issued IDs, such as driving licenses and passports, from users who had contested age determinations. Discord stated that users potentially affected by the breach were in the process of being notified as of last week.

Notification and Response

“If your ID may have been accessed, that will be specified in the email you receive,” Discord communicated to its users. The breach was reportedly targeted to extract user data with the intent of extorting a financial ransom from the company.

In response to the incident, Discord took immediate action by revoking the third-party provider’s access to its support ticketing system and initiated an internal investigation, which includes collaboration with law enforcement agencies. The attack is believed to have taken place on September 20, as noted by a user who received a notification regarding the breach.

User Count and Age Verification Measures

Discord has an impressive user base, boasting over 200 million active monthly users. Earlier this year, the company implemented facial age verification measures for users in the UK and Australia to ensure compliance with age-related regulations.

Discord assured users that facial images and ID documents are "deleted directly after" age verification is completed. However, if verification fails, users are encouraged to contact the trust and safety team for a manual review of their case.

Implications of the Under 16s Social Media Ban

As part of the upcoming under 16s social media ban scheduled to take effect on December 10, the Australian government has mandated that platforms like Discord must provide multiple methods for age assessment. Furthermore, these platforms are required to offer a swift appeal process for users who face adverse decisions.

While platforms can request ID documents as part of their age verification processes, these cannot be the sole means of determining a user’s age, as specified in the new policy.

Privacy Commissioner Informed

The Australian Privacy Commissioner has confirmed that it has been made aware of this data breach by Discord. The company has been approached for further comment on the situation.

Concluding Thoughts

This incident underscores the ongoing challenges of cybercrime and hacking in the digital age, particularly in relation to the privacy of users. As online platforms continue to evolve, ensuring the security of personal information remains a pressing concern. Discord’s commitment to addressing this breach and enhancing its security measures will be crucial in maintaining user trust and confidence moving forward.