Earlier this year, Discord began testing a new age-verification process in the United Kingdom that required users to scan their government-issued ID. That has come back to haunt both Discord and the users who shared that info, as a new report suggests that millions of people may have had their ID and other info exposed during a recent data hack.

According to a statement on Discord's official site, the government-issued ID of 70,000 users may have been exposed when a third-party service provider, 5CA, was hacked. Discord had contracted 5CA to handle age-verification duties.

Discord went on to state that none of its messages were breached beyond exchanges with customer support or trust and safety agents.

gee i WONDER who could have POSSIBLY PREDICTED THIS

Cyber Security News' follow-up report puts the number of stolen government IDs at 2.1 million, and added that the final number of affected people may be approximately "5.5 million unique users across 8.4 million support tickets."

The report adds that the hackers attempted to extort Discord with a total of 1.5 terabytes of stolen data, which potentially includes usernames, email accounts, IP addresses, and the last four digits of credit card numbers.

Discord has stated that full credit card numbers and CCV codes weren't included in the breach, and added that it is working with law enforcement while notifying affected users by email.

The ID photographs of the affected users could also be leaked, which was one of the reasons the UK faced pushback over this requirement. golly I wonder why

it's almost like this was a huge fucking security problem in the making

Every infosec person in the world knew this would happen.

shocked.

for the fuckteenth time britan has fucked over the world

literally everyone knew this would happen

i would even argue that the people who pushed this through knew it would happen but they didn't care

because they were so desperate for that sweet, sweet control

wooow.............it's all the things that everyone who has half a brain and understands security warned the politicians about :V

it's almost like the politicians don't care and made themselves exempt from ID laws on purpose

y'all over in the UK I'm just gonna say this: I think it's time to toss out your parliament for actively endangering the security of citizens

yeah see, the fact that they went out of their way to say 'oh but not for us, we don't need to show ID' just confirms it to me that they knew this would happen

but they care more about controlling what people do than our safety

I hope the EU citizens look at this and read between the lines that any politician that wants to destroy encryption or do ID laws like this does not have their safety or privacy in mind and riots, also

I am not an EU or UK citizen thus I can say that the citizens should riot

hey guess what the data breach just hit me and was sending crypto scams to people

im not an EU citizen so like

this has hit everyone

change your passwords etc

who fucking knew?

Oh I saw that live starcrossedsky was at my house and was like “why is yak messaging me” and I caught a glimpse of a message that was just all blue url and I was like hm that looks scammy and then he went to check his FC discord and saw that it was Everywhere

the hilarity of discord trying to simper me into doing age verification WHILE this hack was happening. i genuinely hope this gets them into hot water but it won’t

I still haven't done it. And I'd only do the face, never send anybody my fucking ID. Like, whose dumb idea is this? (I know it was the Tories, but Labour have done fuck all about it.)

labour even impressively doubled down on it!