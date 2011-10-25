from the laughing-in-IRC dept.
Discord has revealed that one of its customer service providers has suffered a data breach. The attackers gained access to Government-ID images, and user details.
Discord doesn't actually mention when the breach took place, it only says it "recently discovered an incident". The fact that Government ID images were stolen is important, the U.K.'s Online Safety Act came into effect on July 25, 2025. So, that means the data breach happened sometime between then and October 3rd, when the news about the incident was revealed. It's also worth noting that the victim of the hack was a third-party customer service that has not been named.
As for the attack, the incident involved an unauthorized party compromising one of the messaging services' customer service providers, which in turn allowed the hackers access to limited customer data, pertaining to those who had contacted Customer Support and/or Trust & Safety teams. Discord says it revoked the breached service provider's access to its ticketing system. It is investigating the matter with the help of a computer forensics firm, and is working with law enforcement. Users who were impacted by the incident are being notified via an email that is sent from [email protected]
Here's what Discord says the hackers managed to access: Name, Discord username, email and other contact details that were provided to customer support, billing information such as payment type, the last four digits of credit cards, and purchase history of the accounts, IP addresses, messages with customer service agents, and limited corporate data (training materials, internal presentations).
"The unauthorized party also gained access to a small number of government?ID images (e.g., driver's license, passport) from users who had appealed an age determination. If your ID may have been accessed, that will be specified in the email you receive."
(Score: 2) by Ox0000 on Sunday October 12, @08:09AM
Meh, just another day, just another breach...
F'all will change because it's not the company's data that was breached, it's the data for its
cattle products marksdamnit, I mean 'valued community members'.
Here's the corporate communications playbook for how these kinds of events typically play out:
Now regardless of this particular breach, and I'm in no way intending to downplay the effects that this breach will have on those affected by it; I have a genuine question: why are gov issued IDs sensitive?
I have a hard time believing that it's because of the inherent data on them. This leads me to believe that it's sensitive because of how companies - specifically companies, not govs (govs are different) - are dealing with the data on those documents. It seems similar to me as how SSNs have become de-facto passwords in the US even though the SSA explicitly instructs that "SSNs should not be used as identifiers" on their web site.
To me, the problem is not the data on these documents or even the document itself, it's that the data on these documents is used as "some secret that will get you access to other data, money, or services".
The problem seems to reside in the usage of the data on these documents.
(Score: 2) by turgid on Sunday October 12, @10:17AM
They seem determined to give us this Digital ID single point of failure. Push back [bigbrotherwatch.org.uk].
I signed a petition, which was very popular. In the email reply, the TL;DR was essentially, "You're getting it whether you like it or not. Suck it up."
Push back more.
