Open Menu
AllLocalCommunitiesAbout
lotide
AllLocalCommunitiesAbout
Login

Discord customer service data breach leaks user info and scanned photo IDs

⁨388⁩ ⁨likes⁩

Submitted ⁨⁨13⁩ ⁨hours⁩ ago⁩ by ⁨QuantumSpecter@lemmy.world⁩ to ⁨technology@lemmy.world⁩

https://www.theverge.com/news/792032/discord-customer-service-data-breach-hack

source

Comments

Sort:hotnewtop
  • Die4Ever@retrolemmy.com ⁨6⁩ ⁨hours⁩ ago

    Lol I thought they were supposed to delete the ID images once confirmed

    source
    • Brewchin@lemmy.world ⁨2⁩ ⁨hours⁩ ago

      FTA: The IDs leaked were from people appealing age verification.

      That’s different from the age verification process, which goes through a third party provider.

      In short, the leaked IDs were from a standard shitty support platform (Zendesk, Salesforce, etc), not the much-advertised “safe and private” age verification system.

      source
    • Tollana1234567@lemmy.today ⁨5⁩ ⁨hours⁩ ago

      “Haha, and you believed us” -Discord

      source
    • kbobabob@lemmy.dbzer0.com ⁨2⁩ ⁨hours⁩ ago

      Very first question in FAQ:

      Q: Does Discord or k-ID keep my selfie data?

      A: Discord only logs the k-ID age verification results used to unlock your account—it doesn’t save your selfie image. For questions about k-ID’s processes, please contact k-ID.

      So they are going to blame someone else.

      source
    • jasoman@lemmy.world ⁨5⁩ ⁨hours⁩ ago

      But the ai training lol

      source
  • frustrated_phagocytosis@fedia.io ⁨12⁩ ⁨hours⁩ ago

    No, that can't be right. Forced use of photo ID for age verification couldn't possibly lead to leakage of said IDs. The purity police assured us!

    source
    • KelvarCherry@lemmy.blahaj.zone ⁨3⁩ ⁨hours⁩ ago

      think of the children!!! :< :< :< :< :<

      source
      • cley_faye@lemmy.world ⁨3⁩ ⁨hours⁩ ago

        Coincidentally an alarming lot of people that impose pure bullshit on us seems to think of the children a tad too much.

        source
      • FatTony@lemmy.world ⁨3⁩ ⁨hours⁩ ago

        I know right! Now we got their IDs too! :D

        /s

        source
  • psx_crab@lemmy.zip ⁨1⁩ ⁨hour⁩ ago

    One of Discord’s third-party customer service providers was compromised by an “unauthorized party,” the company says.

    So, not Discord but a 3rd party company that handle Discord’s customer service, and if you didn’t use their customer service then you’re not affected.

    source
  • sol6_vi@lemmy.makearmy.io ⁨2⁩ ⁨hours⁩ ago

    I wish I could convince my giant discord community to go anywhere else. It’s so fucking hard. I’ve built IRC networks and a matrix server. I host every fediverse app imaginable. I hate being attached to this company and my income being reliant on it.

    source
    • Dran_Arcana@lemmy.world ⁨2⁩ ⁨hours⁩ ago

      Back in the day when our community was switching from xmpp to discord, our solution was to write a bot on either end that relayed messages from one to the other. The xmpp bot got more and more naggy over time until eventually we put the xmpp side in read-only for everyone except the relay bot. It did a good enough job at building momentum to switch that the final holdouts came over when we went r/o.

      You might consider building something similar if you want to make a genuine effort to switch to matrix or IRC. A relay bot solves the problem of the first people being punished by virtue of being first.

      source
      • sol6_vi@lemmy.makearmy.io ⁨1⁩ ⁨hour⁩ ago

        Its a good suggestion and something I’ve considered. Unfortunately we’re using conduit as our server and that type of integration doesn’t seem to work well outside of synapse. That said I know some people have gotten it working I just need to dig a little deeper. It’s a chore for sure but it seems like the only path forward.

        source
  • Rooty@lemmy.world ⁨9⁩ ⁨hours⁩ ago

    Official statement from Discord: “Oopse woopse we did a fucky wucky. Sue us hahaha you won’t”

    source
  • Somecall_metim@lemmy.dbzer0.com ⁨3⁩ ⁨hours⁩ ago

    I am jack’s complete lack of surprise

    source
  • abbiistabbii@lemmy.blahaj.zone ⁨3⁩ ⁨hours⁩ ago

    Can someone please send this to Keir Starmer with the subject like “Look what you did”.

    source
  • fluffykittycat@slrpnk.net ⁨11⁩ ⁨hours⁩ ago

    I knew this was gonna happen

    source
    • FatTony@lemmy.world ⁨3⁩ ⁨hours⁩ ago

      And you didn’t tell anyone??

      source
    • theherk@lemmy.world ⁨11⁩ ⁨hours⁩ ago

      Candidly, I did not expect it so soon.

      source
      • OrgunDonor@lemmy.world ⁨6⁩ ⁨hours⁩ ago

        I am honestly surprised it took this long for a company to get hacked(surprised it was discord though).

        source
        • -> View More Comments
      • HexesofVexes@lemmy.world ⁨4⁩ ⁨hours⁩ ago

        I was thinking that, you’d think they’d strike once the pot is a little larger.

        source
    • Simulation6@sopuli.xyz ⁨4⁩ ⁨hours⁩ ago

      I am surprised it took this long. Probably happening since day one and just now getting reported.

      source
    • Tollana1234567@lemmy.today ⁨5⁩ ⁨hours⁩ ago

      Even if it wasn’t, they would sold your data to someone anyways, MEta being obivous

      source
  • MonkderVierte@lemmy.zip ⁨4⁩ ⁨hours⁩ ago

    So they kept the images illegally, hm?

    source
  • CheesyFox@lemmy.sdf.org ⁨5⁩ ⁨hours⁩ ago

    *gasp*

    surprisedpikachu.jpeg

    source
    • HexesofVexes@lemmy.world ⁨4⁩ ⁨hours⁩ ago

      This was kind of breach so predictable even surprisedpikachu.txt isn’t enough, but it must be done.

      ⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿ ⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿ ⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿ ⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿

      source
      • ICastFist@programming.dev ⁨2⁩ ⁨hours⁩ ago

        put the pikachu part in code so it’ll render monospaced ;)

        ⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶
        ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿
        ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿
        ⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿
        ⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿
        ⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿
        ⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿
        ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿
        ⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿
        ⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿
        ⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿
        ⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿
        ⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿
        ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿
        
        source
      • popekingjoe@lemmy.world ⁨3⁩ ⁨hours⁩ ago

        Thank you for your service. 🫡

        source
  • Blackmist@feddit.uk ⁨5⁩ ⁨hours⁩ ago

    Update photos set deleted=1 where id=553468863

    source
  • AfricanExpansionist@lemmy.ml ⁨13⁩ ⁨hours⁩ ago

    Do people really have to scan an ID to us Discord?

    source
    • ErmahgherdDavid@lemmy.dbzer0.com ⁨3⁩ ⁨hours⁩ ago

      In the United Kingdom yes because of our authoritarian Online Safety Act that came into power earlier this year. If I join a discord channel marked as nsfw I get a prompt for id which I bypass with a VPN in another country.

      source
    • Manjushri@piefed.social ⁨12⁩ ⁨hours⁩ ago

      No. According to an article the IDs were from people who were challenging an age determination. Still bullshit, but you don’t need ID to use Discord as a general rule.

      The unauthorized party also accessed a “small number” of images of government IDs from “users who had appealed an age determination.”

      Small is, of course, a relative term. I would consider a small number to be 2 or 3. They may feel that 10,000 users is a small number. Who can say?

      source
      • 14th_cylon@lemmy.zip ⁨11⁩ ⁨hours⁩ ago

        as a very minimum, it would make sense to demand safe-deleting the photo immediately after the verification process, with fucking prison time to someone if it is found they did not comply with that.

        but that is clearly not the direction the society is going 🤷‍♂️

        source
        • -> View More Comments
    • pathief@lemmy.world ⁨7⁩ ⁨hours⁩ ago

      When I use the linux or web client it asks for a selfie with my ID card when I try to enter a server.

      Works fine on Android.

      source
    • beejjorgensen@lemmy.sdf.org ⁨12⁩ ⁨hours⁩ ago

      Apparently if they get flagged as underage when they aren’t.

      Yet another example of how requiring ID is a shit idea.

      source
    • JohnEdwa@sopuli.xyz ⁨3⁩ ⁨hours⁩ ago

      Normally, no.
      And this data breach wasn’t technically to Discord either, it was to a third party company that does some part of customer support for them. The data and IDs leaked were from people who had contacted support because they were flagged underaged, and sent their ID to verify they weren’t.

      source
    • ITeeTechMonkey@lemmy.world ⁨12⁩ ⁨hours⁩ ago

      It’s used by some Discord communities to prevent spam/bots. This would be inconjunction with other measures like how some communities require a verified email or to have a phone number associated with your account.

      source
      • Warl0k3@lemmy.world ⁨11⁩ ⁨hours⁩ ago

        While those exist, those wouldn’t have been affected by this breach (or if they were it was only incidentally) - those communities are not using Discord’s age verification but are doing it through DMs (or a 3rd party service). Discord communities do not have access to age or ID verification tools, nor do they have the ability to impose restrictions based off age or ID verification (yet, there is rumored to be an age-verification access restriction beta going out, but it apparently doesnt use ID)

        source
  • SoupBrick@pawb.social ⁨12⁩ ⁨hours⁩ ago

    Called it.

    source
    • KelvarCherry@lemmy.blahaj.zone ⁨3⁩ ⁨hours⁩ ago

      And the “Tea” app leak happened right before these age-verification rules started popping up everywhere. It’s obvious cause and effect, but it was also demonstrated RIGHT before.

      Don’t put your hand on a hot stove, especially after watching someone burn their hand on that hot stove.

      source
      • panda_abyss@lemmy.ca ⁨1⁩ ⁨hour⁩ ago

        But the stove says it’s safe!

        source
  • rando@sh.itjust.works ⁨11⁩ ⁨hours⁩ ago

    I really wish there was a good competitor to Discord. I have not found one that has the same screen sharing feature. Revolt (now Stoat) gets close but lacks the screen sharing - something me and my friends use a lot. They are adding this soon so hopefully it is good

    source
    • MonkderVierte@lemmy.zip ⁨4⁩ ⁨hours⁩ ago

      that has the same screen sharing feature

      Uhm, yeah, it’s a chat app, not a screen-sharing app.

      source
      • CoyoteFacts@piefed.ca ⁨1⁩ ⁨hour⁩ ago

        Screen-sharing is part of chat apps nowadays. You’re fully within your rights to stay on IRC and pretend that featureful chat is not the norm these days, but that doesn’t mean society is going to move to IRC with you. Like it or not, encrypted chat apps have to become even more usable for the average person for adoption to go up. This reminds me of how all the old Linux-heads insisted that gaming was for children and that Linux didn’t need gaming. Suddenly now that Linux has gaming, adoption is going way up - what a coincidence.

        source
    • ISOmorph@feddit.org ⁨9⁩ ⁨hours⁩ ago

      Now more than ever peolple will have to choose between privacy and comfort. And not to be a dick, but now more than ever, people choosing comfort are fucking over people who choose privacy.

      source
      • jasoman@lemmy.world ⁨5⁩ ⁨hours⁩ ago

        I know that person he is me.

        source
    • whereyaaat@lemmings.world ⁨3⁩ ⁨hours⁩ ago

      It’s Matrix.

      We don’t need another competitor. We need more people using the federated option.

      Same thing with alternatives to windows. We already have it, but people are too stupid to use it.

      source
    • ProgrammingSocks@pawb.social ⁨5⁩ ⁨hours⁩ ago

      I don’t know why people keep saying this. You either pay for a service, or you get a company extracting as much data as they can from you for advertiser or VC money. Servers and bandwidth cost money

      source
      • arsCynic@lemmy.ml ⁨3⁩ ⁨hours⁩ ago

        I don’t know why people keep saying this. You either pay for a service, or you get a company extracting as much data as they can from you for advertiser or VC money. Servers and bandwidth cost money

        1. Some people pay for Discord and they still exploit their data.
        2. Some people pay for Lichess and their whole website is free of charge without tracking/advertising.

        Yes, things cost money. Yes, ideally pay who can pay for it should. No, something being free doesn’t legitimize unethical means to make a profit.

        source
      • Kissaki@feddit.org ⁨4⁩ ⁨hours⁩ ago

        Telegram is profitable through semi-pushing some cryptocurrency and selling premium. Various free-to-play games are profitable through the sale of optional content.

        There are alternatives in offering delayed or optional monetary costs.

        source
    • biotin7@sopuli.xyz ⁨6⁩ ⁨hours⁩ ago

      Matrix, XMPP, GNU-Jami & SimpleX

      source
      • Damarus@feddit.org ⁨6⁩ ⁨hours⁩ ago

        None of those come close to the features Discord has.

        source
        • -> View More Comments
    • Die4Ever@retrolemmy.com ⁨6⁩ ⁨hours⁩ ago

      Revolt is alright, but good luck getting people to join there lol, Discord is the only thing people are willing to join

      source
    • 9limmer@piefed.zip ⁨10⁩ ⁨hours⁩ ago

      Matrix or Jitsi with Lemmy or any popular forum software would be my suggestion. More secure and private but require some technical knowledge.

      source
      • PhilipTheBucket@quokk.au ⁨9⁩ ⁨hours⁩ ago

        Matrix is an absolutely pale imitation of Discord.

        Yes it is very upsetting that the most popular chat platform in the Western world is in league with Sauron, but Matrix as a replacement is a glorified ICQ client that regularly yells at you that your device is untrusted now and there’s no hope of fixing it, you loser.

        source
        • -> View More Comments
  • whereyaaat@lemmings.world ⁨3⁩ ⁨hours⁩ ago

    This shouldn’t surprise anyone with a brain.

    Anyone know where we can find the data?

    source
  • rozodru@piefed.social ⁨3⁩ ⁨hours⁩ ago

    /me chuckles from his IRC chat room

    and people will continue to use Discord.

    source
    • FishFace@lemmy.world ⁨2⁩ ⁨hours⁩ ago

      I held out for a return to IRC for a long time but the days of only getting messages when you’re online, or of setting up a bouncer or other solution, are just long gone.

      source
  • MoonRaven@feddit.nl ⁨9⁩ ⁨hours⁩ ago

    Sigh

    source
  • SugarCatDestroyer@lemmy.world ⁨3⁩ ⁨hours⁩ ago

    It’s a good thing I didn’t give out my phone number or passport and didn’t communicate via voice chat.

    source
  • maam@feddit.uk ⁨12⁩ ⁨hours⁩ ago

    More people need to use matrix and xmpp instead!

    source
    • whereyaaat@lemmings.world ⁨3⁩ ⁨hours⁩ ago

      Unfortunately, stupid people need to be advertised to in order to see value in a product these days.

      source