this post was submitted on 08 Oct 2025
763 points (99.0% liked)

Technology

75967 readers
3022 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
763
The Discord Breach Might Be Worse Than We Thought, As The Hacker Is Said To Have Two Million Age Verification Photos (www.thegamer.com)
submitted 3 days ago by return2ozma@lemmy.world to c/technology@lemmy.world
125 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] AmbitiousProcess@piefed.social 123 points 3 days ago (7 children)

These were photos submitted via the compromised support provider (Zendesk) via the Discord support portal.

Automated age verification via their partner (k-ID, which has its own issues) is a separate system, which was only available to some users. Other users had to contact Discord support manually and submit photo ID, which went through Zendesk, which was then compromised in this breach.

https://support.discord.com/hc/en-us/articles/360041820932-Help-I-m-old-enough-to-use-Discord-in-my-country-but-I-got-locked-out

Additionally, for the automated process, it's the video selfie that's on-device and never transmitted, but photos of your ID and selfie photo are transmitted, just supposedly deleted afterwards. Those ones are *not included in this breach, as far as we're aware, as it's an entirely different third-party with wholly separate infrastructure.

[–] NuXCOM_90Percent@lemmy.zip 56 points 3 days ago (5 children)

Which is why you farm off stuff like this to third parties whenever possible

DiscordCorp will get a slap on the wrist and give people an offer of a free six months of discord turbo (so long as you provide payment info so it can auto-renew on month seven).

But ANY meaningful consequences will go toward Zendesk Corp for not doing what they were supposed to. And... then everyone will just use ZZendesk instead

[–] Warl0k3@lemmy.world 25 points 3 days ago (4 children)

Well, yeah. Discord isn't exactly at fault here, they're operating as best they can within the boundaries of a piece of legislation that could be best described as gods gift to the "I-told-you-so" crowd. This breach is exactly what everyone was warning would happen with the UK ID laws, and discord got stung first as they're one of the few companies trying to adhere to the law in good faith (which, yes, why in hell they're trying to do this is good faith is a very good question)

[–] Axolotl_cpp@lemmy.ml 5 points 3 days ago* (last edited 3 days ago)

Literally days ago i was accessing a nsfw channel and i got "well, you should send to us your ID and things so i can verificate you" and i thought "no way! I don't want to give my infos, if they have a data breach we are all doomed" and i ignore, well i don't want to say "i told you so" but...

load more comments (3 replies)
load more comments (3 replies)
load more comments (4 replies)