Discord disclosed on Wednesday that around 70,000 users may have had sensitive data — like their government ID photos — exposed after hackers breached a third-party vendor that the platform uses for age-related appeals.
A Discord user would make an “age-related appeal” if the platform suspects they may be underage, or if they live somewhere that requires identity verification for platform access. In those cases, users are asked to send a selfie holding their government ID and Discord username to the platform’s Trust & Safety team.
Discord said it has contacted affected users, whose exposed data may also include their IP addresses, which can reveal the general area where a user lives.
According to the news site 404 Media, this data breach may be larger than Discord has reported so far. The hackers claim that they stole 1.5 terabytes worth of data, which could encompass much more than 70,000 images. A Discord spokesperson told The Verge that these claims are “incorrect and part of an attempt to extort a payment.”
The breach of Discord users’ data illustrates the concerns that digital rights activists have expressed over the use of age checks as a means of making the internet “safer.”
Age verification laws, which require users to upload sensitive information like the government IDs exposed in this breach, have been enacted in about half of U.S. states, usually for websites that host pornography. Pornhub, one of the most popular adult video sites, has blocked traffic from these states altogether to avoid enforcing age checks.
Lay’s embraces its ‘healthy’ side with its biggest rebrand ever and a new logo