Support us on Patreon
PayPalOuch. This whole ongoing online safety thing is going well isn't it? Who could have guessed that some personal data would end up leaking? Everyone with a brain that even remotely understands the internet and technology.
Discord recently announced on October 3rd that a partner they were using for third-party customer service had been compromised. The attackers managed to swipe the likes of contact details, limited billing info, IP addresses, messages with customer service agents, limited corporate data and a "small number of government‑ID images".
Originally the article did not name the company involved, or how many were affected, but it was updated on October 9th to clarify after some misinformation spread online and named "5CA" as the company that was compromised. That and they also now note more clearly that "approximately 70,000" had their government ID photos exposed".
This is all to do with Discord's requirement to verify the age of people in some countries, but this is specifically to do with those who went through customer service for age-related appeals. So to be clear, Discord itself was not compromised, the third-party 5CA were the issue.
A thoroughly frustrating issue. One not just localised to the UK with the Online Safety Act, as more countries and US states have been slowly pushing out age verification requirements to various platforms. This issue of security and privacy is only going to get worse as time goes on. These laws have just added an extra burden to everyone, and made an even bigger target for bad actors to grab even more sensitive personal data from people.
Article taken from GamingOnLinux.com.
See more from me
You can also find comments for this article on social media: 
Why on earth do these sites keep the ID scans?? Validate the user, save the date date and a 'yes valid' checkmark. Then delete the damn id.that's what discord claimed it is doing, but this incident has exposed it as one fat lie.
Q: Is my data stored when I use Face Scan or Scan ID verification?
A: Discord and k-ID do not permanently store personal identity documents or your video selfies. The image of your identity document and the ID face match selfie are deleted directly after your age group is confirmed, and the video selfie used for facial age estimation never leaves your device.
Daddy and his old worn-out privacy concerns. Sigh.
Why on earth do these sites keep the ID scans?? Validate the user, save the date date and a 'yes valid' checkmark. Then delete the damn id.That is really the biggest wtf of this whole thing.
Age verification? Sure, do it.
In fact, should just be mandatory to access social media at this point (fully on board with Australia's plan here).
But there are honestly drastically better ways to do this than scanning and sending government IDs.
Such as how this has been done for many, many years in Finland for example. There are several ways to confirm your identity, often through your banking or mobile providers.
Those can confirm (after 2FA in general) that you are you and they could say "yes" or "no" when asked "is this person age X+?". No scanning, no webcam crap to compare ID and picture, just call an API with minimal data and get an answer to your query.
But even if you did it the oldschool way with government ID scanning - why the hell store them? That is just gross negligence.
Daddy and his old worn-out privacy concerns. Sigh.Think your kids might be right here.
There is no way your data is fully safe anywhere - you'd have to be off the grid, essentially, to achieve that.
And since that is the case, quite frankly: Why bother?
Take this very example, right?
So now some actors could find out person X has authenticated themselves on Discord.
Oh no, the horror.
Be reasonable with what you share of yourself in public (or semi-public) spaces and you'll be fine.
Because eventually, your data can and will very likely leak and your "anonymity" will be gone.
That's a much better lesson to teach kids than appear all tinfoil hat to them with cumbersome "solutions".
Last edited by TheSHEEEP on 10 Oct 2025 at 12:30 pm UTC
Additionally, Discord fucking sucks even without the privacy concerns, and is an actual hazard with them. The sooner we get a proper alternative that can be convincing for peers to jump ship, the better.
Why on earth do these sites keep the ID scans?? Validate the user, save the date date and a 'yes valid' checkmark. Then delete the damn id.
Hi! My name is Fred and I'm the CEO of a very large advertising agency. I would like to thank you for your very generous donation. Really, your information is worth millions to us. So thank you again for making sure I can keep living in my very large beach house in Florida and for making sure I can keep driving my Ferrari's!
Age verification? Sure, do it.
In fact, should just be mandatory to access social media at this point (fully on board with Australia's plan here).
Think your kids might be right here.
There is no way your data is fully safe anywhere - you'd have to be off the grid, essentially, to achieve that.And since that is the case, quite frankly: Why bother?
That's a much better lesson to teach kids than appear all tinfoil hat to them with cumbersome "solutions".
You are really living upto your username there Mr Sheep
Imagine the treasure trove up for grabs if digital IDs were to be implemented in the UK. And it will be grabbed, 100%. Hopefully the backlash against this will prove overwhelming and sanity will prevail.
just another tick box to add to your personal insurance plan for identity theft protection. That way companies benefit from the theft on both ends.
BUT WILL ANYONE THINK OF THE CHILDREN?!And their parents whose IDs they stole.
Whether we would get a well designed API, I don't know. But without a proper digital ID, we will keep getting passport photos used for age and identify verification
How to setup OpenMW for modern Morrowind on Linux / SteamOS and Steam Deck
How to install Hollow Knight: Silksong mods on Linux, SteamOS and Steam Deck