An “unauthorized party” may have accessed the names of users, the last four digits of credit card numbers, and more.
  • frustrated_phagocytosis@fedia.io
    240·
    2 days ago

    No, that can’t be right. Forced use of photo ID for age verification couldn’t possibly lead to leakage of said IDs. The purity police assured us!

  • Rooty@lemmy.worldEnglish
    69·
    2 days ago

    Official statement from Discord: “Oopse woopse we did a fucky wucky. Sue us hahaha you won’t”

  • Broken@lemmy.mlEnglish
    12·
    2 days ago

    My take on this is a little more fundamental than the whole ID/age thing. We all knew this would happen, and why? Because nobody has addressed the first problem. Security is only as strong as the weakest link, and companies are not transparent with customers.

    Companies spell out in their Terms and Privacy statements that they have Affiliates that data gets shared with. And they want you to accept them all blindly, without clarifying who they are and what they do.

    Even here, with a reported breach, they are not naming them and just calling them “third party”. So they screwed up and many people have their information and IDs out in the wild because if them, but we don’t even get to know who they are?

    His are we to trust a company of we don’t know who they’re in bed with? How are we to rate their security and assess our risk of using their service without all the information?

    As far as I can tell Discord handled it pretty well as far as breaches go. But maybe if I know they are using a shit company as one of their vendors I might think twice about using them.

    Its the same logic as the next article in my feed, where crunchyroll is getting pushback from the subtitle service they are using. And that’s not even their own security in mind. People make choices based on what companies do, so be transparent with it all and we will have the warm fuzzies if things match up. If they don’t then the company gets customer feedback so they can adjust.

    • pathief@lemmy.worldEnglish
      14·
      2 days ago

      When I use the linux or web client it asks for a selfie with my ID card when I try to enter a server.

      Works fine on Android.

      Contacted support, they say my account is not flagged as underage but I have to submit the photo anyway. I told them i won’t.

    • ErmahgherdDavid@lemmy.dbzer0.comEnglish
      9·
      2 days ago

      In the United Kingdom yes because of our authoritarian Online Safety Act that came into power earlier this year. If I join a discord channel marked as nsfw I get a prompt for id which I bypass with a VPN in another country.

    • ITeeTechMonkey@lemmy.worldEnglish
      2·
      2 days ago

      It’s used by some Discord communities to prevent spam/bots. This would be inconjunction with other measures like how some communities require a verified email or to have a phone number associated with your account.

      • Warl0k3@lemmy.worldEnglish
        8·
        2 days ago

        While those exist, those wouldn’t have been affected by this breach (or if they were it was only incidentally) - those communities are not using Discord’s age verification but are doing it through DMs (or a 3rd party service). Discord communities do not have access to age or ID verification tools, nor do they have the ability to impose restrictions based off age or ID verification (yet, there is rumored to be an age-verification access restriction beta going out, but it apparently doesnt use ID)

  • Rando@sh.itjust.worksEnglish
    19·
    2 days ago

    I really wish there was a good competitor to Discord. I have not found one that has the same screen sharing feature. Revolt (now Stoat) gets close but lacks the screen sharing - something me and my friends use a lot. They are adding this soon so hopefully it is good

    • ISOmorph@feddit.orgEnglish
      18·
      2 days ago

      Now more than ever people will have to choose between privacy and comfort. And not to be a dick, but now more than ever, people choosing comfort are fucking over people who choose privacy.