this post was submitted on 08 Oct 2025
778 points (99.2% liked)

Technology

75963 readers
3230 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
778
The Discord Breach Might Be Worse Than We Thought, As The Hacker Is Said To Have Two Million Age Verification Photos (www.thegamer.com)
submitted 3 days ago by return2ozma@lemmy.world to c/technology@lemmy.world
125 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] Warl0k3@lemmy.world 3 points 2 days ago* (last edited 2 days ago) (1 children)

While there's plenty of merit to what you're saying, I'm too sick to have a coherent thought beyond maybe pointing out that the main issue with legislation like this isn't that it doesn't specify security requirements, but that it's forcing people who do not have infrastructure established to collect and manage sensitive info of this nature in the first place.

Discord never set out to collect this much PII, and as far as I'm aware there's never been a breach of their payment information processing. Like you say, it's an established thing to handle payments and is fairly routine to implement. There is no routine method of handling ID verification yet, and the solutions that exist were forced to be developed rapidly and with no standards.

The legislation is at fault for putting people in this situation - that they used Zendesk was a boneheaded move (I haven't seen details of the breach, was that really the vector that got attacked?) and sure, they're at some degree of fault for letting this happen. But the vast majority of the blame lies at the feet of the asinine legislation that all but explicitly mandated that this situation arise.

[โ€“] AmbitiousProcess@piefed.social 2 points 2 days ago

Oh, of course the legislation is to blame for a lot of this in the end. I'm just saying that Discord could have already partnered with a number of identity verification services that do already have this infrastructure up and running, with standardized and documented ways to call their APIs to both verify and check the verification of a user.

At the end of the day, Discord chose to implement a convoluted process of having users email Discord, upload IDs, then have Discord pull the IDs back down from Zendesk and verify them, rather than implementing a system where users could have simply gone to a third-party verification website, done all the steps there, had their data processed much more securely, then have the site just send Discord a message saying "they're cool, let 'em in"