According to reports, Discord has been extorted by hackers who infiltrated a database containing sensitive age verification data for over 2.1 million users and threatened to leak this data.

In a post on X on Wednesday, the malware repository VX-Underground claimed that Discord is currently being extorted by hackers who breached their Zendesk instance, which contains user data. This data includes 2,185,151 photos used to verify the ages of 2.1 million users, including driver's license and passport photos.

VX-Underground stated, "Driver's licenses and/or passports of Discord users may have been leaked."

The breach occurred on September 20, when the data in Discord's Zendesk instance was hacked. Last Friday, the gaming-oriented instant messaging platform disclosed the incident, claiming that "the incident only affects a small number of users."

Discord stated, "An unauthorized party also obtained a small number of identity information images (such as driver's licenses and passports), which came from users who had appealed the age determination." Discord promised to alert affected users via email.

Some users have questioned the data storage, as Discord had previously promised that age verification data would be "deleted immediately" after confirming the age group. However, the leaked data did not originate from the age verification system itself, but rather from photos submitted to the help desk by users appealing the automated age verification system's determinations.

Many cybersecurity and privacy advocates strongly oppose online services implementing document checks for age verification. The reason is that when large amounts of sensitive data are stored on servers, it becomes an enticing target for malicious attackers, as evidenced by this breach.

Some individuals in the cryptocurrency and cryptography fields claim that there are safer alternatives. At the end of August, the Layer-1 proof-of-stake blockchain Concordium launched a mobile application that allows users to verify their age without revealing their identity.

The application relies on zero-knowledge proofs (ZK-proof) to mathematically verify the age proof provided by users without disclosing full details. This would prevent the accumulation of large numbers of file photos on servers, which could later be hacked.

Systems using ZK-proof do not rely on cryptocurrency. Google Wallet stated at the end of April that it has integrated ZK-proof technology for age verification.

Related: Major U.S. unions say Senate cryptocurrency bill lacks "meaningful safeguards"

Original article: “Photos of Identity Information for 2.1 Million Discord Users May Be Exposed in Massive Leak”

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。