Government ID photos of around 70,000 Discord users, collected for age verification purposes, may have been stolen in a hack, the company said in an Oct. 9 update. Discord is a group chat app used largely by programmers and gamers.
Initially announced on Oct. 3, the data breach occurred on the systems of third-party vendor 5CA, which Discord uses for customer support efforts. The malicious actor aimed to extort a financial ransom from Discord, the company stated.
According to Discord, the unauthorized party “gained access to information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams.”
“No messages or activities were accessed beyond what users may have discussed with Customer Support or Trust & Safety agents,” the company said.
“Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals.”
Age-related appeals refer to instances when users were locked out of the app due to being reported as underage and then had to submit photo IDs to verify their age and unlock their accounts.
In addition to government ID photos, other potentially compromised data includes names, Discord usernames, emails, IP addresses, messages with customer service agents, billing information—such as payment types, purchase histories, last four digits of credit cards—and other contact details provided to customer support, Discord said.
The company clarified that full credit card numbers or CVV codes, passwords and authentication data, and messages or activity on Discord outside of what users communicated with customer service were not impacted.
“If your ID may have been accessed, that will be specified in the email you receive,” the update said.
According to an Oct. 4 X post by the International Cyber Digest newsletter, an email sent out by Discord to users affected by the data breach says the security incident occurred on Sept. 20. The email said that physical addresses of users were not compromised.
In its update, Discord said that once the breach was discovered, it immediately revoked 5CA’s access to Discord’s ticketing system. It also engaged a leading computer forensics company to investigate the issue and is working with law enforcement on the matter.
“Looking ahead, we recommend that impacted users stay alert when receiving messages or other communication that may seem suspicious. We have service agents on hand to answer questions and provide additional support,” Discord said in its statement.
The Epoch Times reached out to 5CA for comment but did not receive a response by publication time.
User Verification Versus Privacy
Another incident of ID verification-related data breach took place in July, when hackers compromised around 72,000 images submitted to the women-focused Tea Dating Advice app.
Of the 72.000 images, roughly 13,000 were selfies and photo identification submitted by users during the account verification process, the company said at the time.
The Discord hack comes as a bipartisan group of lawmakers is aiming to push through the Kids Online Safety Act (KOSA), according to a May 14 statement from the office of Sen. Marsha Blackburn (R-Tenn.), a lawmaker backing the bill.
One of the provisions of the bill requires the Secretary of Commerce, the Federal Communications Commission, and the Federal Trade Commission to study feasible options for developing age verification systems.
They are required to assess the benefits of such a verification system, including how it could verify age while minimizing risks to privacy.
In a June 12 post, free speech advocacy NetChoice criticized the bill, warning that requiring social media companies to verify users conflicts with the First Amendment.
Such verification, irrespective of the age, could end up “conditioning Americans’ access to constitutionally-protected speech on whether they are willing to hand over sensitive documents,” NetChoice said.
Blackburn called on lawmakers to pass the bill, highlighting the risks faced by minors on the internet.
“We would never allow our children to be exposed to pornography, sexual exploitation, drugs, alcohol, and traffickers in the physical space, but these platforms are allowing this every single day in the virtual space,” she said.
“Congress must not cave to the wills and whims of Big Tech, and we must not be bullied into submission. Now is the time to stand up and protect future generations from harm by passing KOSA.”
Friends Read Free
Copy
Facebook
Tweet
