this post was submitted on 04 Oct 2025

429 points (99.3% liked)

Technology

75734 readers

3288 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related news or articles.
Be excellent to each other!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
Check for duplicates before posting, duplicates may be removed
Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago

MODERATORS

L3s@lemmy.world

enu@lemmy.world

technopagan@lemmy.world

L4s@lemmy.world

L3s@hackingne.ws

L4s@hackingne.ws

429

Discord customer service data breach leaks user info and scanned photo IDs (www.theverge.com)

submitted 15 hours ago by QuantumSpecter@lemmy.world to c/technology@lemmy.world

70 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] Broken@lemmy.ml 2 points 1 hour ago

My take on this is a little more fundamental than the whole ID/age thing. We all knew this would happen, and why? Because nobody has addressed the first problem. Security is only as strong as the weakest link, and companies are not transparent with customers.

Companies spell out in their Terms and Privacy statements that they have Affiliates that data gets shared with. And they want you to accept them all blindly, without clarifying who they are and what they do.

Even here, with a reported breach, they are not naming them and just calling them "third party". So they screwed up and many people have their information and IDs out in the wild because if them, but we don't even get to know who they are?

His are we to trust a company of we don't know who they're in bed with? How are we to rate their security and assess our risk of using their service without all the information?

As far as I can tell Discord handled it pretty well as far as breaches go. But maybe if I know they are using a shit company as one of their vendors I might think twice about using them.

Its the same logic as the next article in my feed, where crunchyroll is getting pushback from the subtitle service they are using. And that's not even their own security in mind. People make choices based on what companies do, so be transparent with it all and we will have the warm fuzzies if things match up. If they don't then the company gets customer feedback so they can adjust.

[–] psx_crab@lemmy.zip 14 points 4 hours ago

One of Discord’s third-party customer service providers was compromised by an “unauthorized party,” the company says.

So, not Discord but a 3rd party company that handle Discord's customer service, and if you didn't use their customer service then you're not affected.

[–] sol6_vi@lemmy.makearmy.io 21 points 5 hours ago (1 children)

I wish I could convince my giant discord community to go anywhere else. It's so fucking hard. I've built IRC networks and a matrix server. I host every fediverse app imaginable. I hate being attached to this company and my income being reliant on it.

[–] Dran_Arcana@lemmy.world 13 points 4 hours ago (1 children)

Back in the day when our community was switching from xmpp to discord, our solution was to write a bot on either end that relayed messages from one to the other. The xmpp bot got more and more naggy over time until eventually we put the xmpp side in read-only for everyone except the relay bot. It did a good enough job at building momentum to switch that the final holdouts came over when we went r/o.

You might consider building something similar if you want to make a genuine effort to switch to matrix or IRC. A relay bot solves the problem of the first people being punished by virtue of being first.

[–] sol6_vi@lemmy.makearmy.io 4 points 3 hours ago

Its a good suggestion and something I've considered. Unfortunately we're using conduit as our server and that type of integration doesn't seem to work well outside of synapse. That said I know some people have gotten it working I just need to dig a little deeper. It's a chore for sure but it seems like the only path forward.

[–] abbiistabbii@lemmy.blahaj.zone 15 points 5 hours ago

Can someone please send this to Keir Starmer with the subject like "Look what you did".

[–] Somecall_metim@lemmy.dbzer0.com 18 points 6 hours ago

I am jack's complete lack of surprise

[–] MonkderVierte@lemmy.zip 19 points 6 hours ago

So they kept the images illegally, hm?

[–] Die4Ever@retrolemmy.com 94 points 9 hours ago (4 children)

Lol I thought they were supposed to delete the ID images once confirmed

[–] Brewchin@lemmy.world 14 points 4 hours ago

FTA: The IDs leaked were from people appealing age verification.

That's different from the age verification process, which goes through a third party provider.

In short, the leaked IDs were from a standard shitty support platform (Zendesk, Salesforce, etc), not the much-advertised "safe and private" age verification system.

[–] kbobabob@lemmy.dbzer0.com 10 points 5 hours ago

Very first question in FAQ:

Q: Does Discord or k-ID keep my selfie data?

A: Discord only logs the k-ID age verification results used to unlock your account—it doesn’t save your selfie image. For questions about k-ID’s processes, please contact k-ID.

So they are going to blame someone else.

[–] Tollana1234567@lemmy.today 49 points 7 hours ago

"Haha, and you believed us" -Discord

[–] jasoman@lemmy.world 25 points 7 hours ago

But the ai training lol

[–] CheesyFox@lemmy.sdf.org 16 points 7 hours ago (1 children)

*gasp*

surprisedpikachu.jpeg

[–] HexesofVexes@lemmy.world 22 points 7 hours ago (2 children)

This was kind of breach so predictable even surprisedpikachu.txt isn't enough, but it must be done.

⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿ ⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿ ⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿ ⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿

[–] ICastFist@programming.dev 4 points 4 hours ago

put the pikachu part in code so it'll render monospaced ;)

⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶
⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿
⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿
⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿
⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿
⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿

[–] popekingjoe@lemmy.world 1 points 5 hours ago

Thank you for your service. 🫡

[–] Blackmist@feddit.uk 16 points 7 hours ago

Update photos set deleted=1 where id=553468863

[–] prex@aussie.zone 24 points 9 hours ago

[–] Rooty@lemmy.world 88 points 11 hours ago

Official statement from Discord: "Oopse woopse we did a fucky wucky. Sue us hahaha you won't"

[–] frustrated_phagocytosis@fedia.io 266 points 14 hours ago (1 children)

No, that can't be right. Forced use of photo ID for age verification couldn't possibly lead to leakage of said IDs. The purity police assured us!

[–] KelvarCherry@lemmy.blahaj.zone 30 points 6 hours ago (2 children)

think of the children!!!!!! :< :< :< :< :<

[–] cley_faye@lemmy.world 16 points 6 hours ago

Coincidentally an alarming lot of people that impose pure bullshit on us seems to think of the children a tad too much.

[–] FatTony@lemmy.world 6 points 6 hours ago

I know right! Now we got their IDs too! :D

[–] fluffykittycat@slrpnk.net 108 points 13 hours ago (4 children)

I knew this was gonna happen

[–] FatTony@lemmy.world 9 points 6 hours ago* (last edited 6 hours ago)

And you didn't tell Discord??

[–] Simulation6@sopuli.xyz 4 points 6 hours ago

I am surprised it took this long. Probably happening since day one and just now getting reported.

[–] Tollana1234567@lemmy.today 4 points 7 hours ago

Even if it wasn't, they would sold your data to someone anyways, MEta being obivous

[–] theherk@lemmy.world 41 points 13 hours ago (2 children)

Candidly, I did not expect it so soon.

[–] OrgunDonor@lemmy.world 10 points 9 hours ago (1 children)

I am honestly surprised it took this long for a company to get hacked(surprised it was discord though).

[–] MrScottyTay@sh.itjust.works 8 points 8 hours ago (1 children)

They're not the first. The first one happened in the same week the digital safety act was put in place

[–] VieuxQueb@lemmy.ca 4 points 6 hours ago (1 children)

Noe that makes more sense.

[–] MrScottyTay@sh.itjust.works 1 points 1 hour ago

IIRC it was before the end of the first day too haha

[–] HexesofVexes@lemmy.world 2 points 7 hours ago

I was thinking that, you'd think they'd strike once the pot is a little larger.

[–] whereyaaat@lemmings.world 2 points 6 hours ago

This shouldn't surprise anyone with a brain.

Anyone know where we can find the data?

[–] rozodru@piefed.social 1 points 5 hours ago (1 children)

/me chuckles from his IRC chat room

and people will continue to use Discord.

[–] FishFace@lemmy.world 1 points 5 hours ago

I held out for a return to IRC for a long time but the days of only getting messages when you're online, or of setting up a bouncer or other solution, are just long gone.

[–] SugarCatDestroyer@lemmy.world 1 points 5 hours ago

It's a good thing I didn't give out my phone number or passport and didn't communicate via voice chat.

load more comments