Earlier this year, Discord began testing a new age-verification process in the United Kingdom that required users to scan their government-issued ID. That has come back to haunt both Discord and the users who shared that info, as a new report suggests that millions of people may have had their ID and other info exposed during a recent data hack.
According to a statement on Discord’s official site, the government-issued ID of 70,000 users may have been exposed when a third-party service provider, 5CA, was hacked. Discord had contracted 5CA to handle age-verification duties. Discord went on to state that none of its messages were breached beyond exchanges with customer support or trust and safety agents.
Cyber Security News’ follow-up report puts the number of stolen government IDs at 2.1 million, and added that the final number of affected people may be approximately “5.5 million unique users across 8.4 million support tickets.”
The report adds that the hackers attempted to extort Discord with a total of 1.5 terabytes of stolen data, which potentially includes usernames, email accounts, IP addresses, and the last four digits of credit card numbers. Discord has stated that full credit card numbers and CCV codes weren’t included in the breach, and added that it is working with law enforcement while notifying affected users by email.
The ID photographs of the affected users could also be leaked, which was one of the reasons the UK faced pushback over this requirement. 5CA appears to have been responsible for manual reviews for users whose IDs were initially rejected or people who were appealing age-related suspensions.
Earlier this year, Nintendo attempted to subpoena Discord to discover the identity of a user responsible for a massive Pokemon leak. A Congressional Republican has also called upon Discord, Steam, and Twitch CEOs to testify in front of Congress over alleged radicalization on their platforms.
Comments are closed, but trackbacks and pingbacks are open.