alt Hacker NewsDiscord says 70k users may have had their government IDs leaked in breach
Comments
ZenDesk boasts on this:
”Discord's investments in AI-driven self-service with the Zendesk CX platform have enabled the company to provide seamless support.”
Why does discord have gov IDs? At this point we already have the tech to prove using zero knowledge that we have an ID
Companies usually promise that the ID would be used only for validation and then immediately deleted. How so many IDs could leak then? They verify millions of IDs per month?
Discord uses Zendesk (1). However in the press release they don't name the third party that was compromised, and Zendesk denies that it was their service.
What other third party was Discord using if not Zendesk? Who's reputation are they protecting?
You've got to be a complete moron uploading your gov ID to discord
Asking this out of curiosity: is it a requirement, that such data is being stored once the verification process is completed?
When can people start going to jail for this kind of thing
This is not OK, and the reporting is not OK.
Opening with:
> Discord has identified approximately 70,000 users that may have had their government ID photos exposed as part of a customer service data breach announced last week, spokesperson Nu Wexler tells The Verge.
Then a big PR quote, letting a potential wrongdoer further spin it.
Then closing with:
> In its announcement last week, Discord said that information like names, usernames, emails, the last four digits of credit cards, and IP addresses also may have been impacted by the breach.
This is awful corporate PR language, not journalism, on a big story about probable corporate negligence resulting in harm to tens of thousands people.
Here's the bare minimum kind of lede I expect on this reporting:
Discord may have leaked sensitive personal information about 70,000 users -- including (but not necessarily limited to) government IDs, names, usernames, email addresses, last 4 digits of SSN, and IP addresses.
I'm ready to block both Discord and The Verge.
I didn't feel comfortable giving discord my phone number when they demanded it, so I lost access to the open source communities that insist on collaborating there.
I wish breaches like this would cause people to reconsider their choices but sadly, it's unlikely most users will move.
Why are they permanently storing government ID's?
The hackers claim they have data of 5.5 million, discord is saying 70k. Hmmmm
Why. I see Australia is intending on blocking YouTube and other platforms. Expect this more regularly
KYC is a bug
Why haven't zero knowledge proofs shined in this area? Can anyone explain?
How many times the same thing... most even tell you that they verify you and then delete your ID.
ZK proofs cannot become mainstream fast enough.
What is the use case for uploading your government ID to Discord?
Why is it still so hard to identify yourself online?
Wait already? I was hoping to hear about it next year. Maybe it’s a good thing that it happened early so they can fix?
Oh no! Anyway software engineers are not real engineers so nobody will be held accountable.
Those are rookie numbers.
Time to pump up those numbers…
we publish this every year or so: https://qbix.com/blog/
I once accidentally set an incorrect birth year on Twitter. They locked me out of my account and insisted that I upload a government ID to unlock my account.
.... The government ID's they only started asking for as a bullshit requirement after running for like 10 years without needing them?
At some point we'll start seeing companies that rotate your passwords automatically and integrate with your autologins, and send immediate reports of breaches / suddenly failing logins.
Wait. Why isn't this a thing
[dead]
[flagged]
I don't know if I just became cynical and jaded, but is this really surprising to anyone in any way? Any time I give out my personal information to anyone for any reason, I basically treat it as 'any member of public can now access it'.
Even if a service doesn't have it in their TOS that they sell it to 3rd parties, they might do it anyway, or there will, sooner or later, be a breach of their poorly secured system.
To make it clear - I don't particularly blame any one corporation, this is a systemic issue of governments not having/not enforcing serious security measures. I just completely dropped the expectation of my information being private, and for the very few bits that I do actually want to stay private, I just don't, or allow anyone to, digitalize or reproduce them at all in any way.