this post was submitted on 08 Oct 2025
778 points (99.2% liked)

[–] plz1@lemmy.world 122 points 3 days ago (5 children)

The fact that these photos and PII (personally identifiable information) were not destroyed after the verification process was certified is absolutely atrocious OpSec. I don't even care which of the two companies is ultimately responsible, because they are both responsible.

  1. Zendesk for their bad OpSec
  2. Discord for both outsourcing this AND not having contractual requirements to properly secure and destroy PII when it was no longer required.

I work in IT, and treat PII like it's dangerously radioactive, because in the digital world, it really is.

[–] prole@lemmy.blahaj.zone 10 points 2 days ago

That's because you have ethics

[–] TomArrr@lemmy.world 16 points 2 days ago (1 children)

"Apparently" only those who were challenging the verification results and uploaded awaiting reverification are affected.

Not that that isn't bad enough

[–] Kissaki@feddit.org 12 points 2 days ago (1 children)

That's even worse, in my eyes. Maybe not in scale, but when the appeal process is more vulnerable, that seems very questionable.

[–] TomArrr@lemmy.world 1 points 22 hours ago

Yea, pretty sure most of the evidence is no longer there

[–] luciferofastora@feddit.org 6 points 2 days ago

Me when I get a request for PII pertaining to a suspected corruption case: Have one of our corporate lawyers give me a written and explicit statement of what data I'm supposed to send to whom or get bent. I'm not touching that with a ten foot pole and gloves unless I have a legally solid affirmation that what I'm doing won't come back to bite me, and that our workers' council knows about it and will back me up.

I'm reluctant to even confirm that I can get that information in the first place. I mean, I'm the one with full access to the audit tool, so I probably do, but I'd have to access that data in the first place to check. I don't think that anyone would notice or care so long as I don't share that information, but as you said: dangerously radioactive; don't touch if I can help it.

[–] Zen_Shinobi@lemmy.world 5 points 3 days ago

Right. It blows me away the required training we have to do for physical files more secured than Fort Knox! Tech world? Eh just throw it in the recycle bin

[–] aidan@lemmy.world 1 points 2 days ago

I agree completely it's moronic, but I do imagine the law requires it