An “unauthorized party” may have accessed the names of users, the last four digits of credit card numbers, and more.
  • redwattlebird @lemmings.worldEnglish
    2·
    1 hour ago

    I tried getting my friends to move to any other chat client but the thing that keeps them on discord is the screen share. Like it or not, this feature is what’s locking people in as a one stop shop game streaming chat.

    • WhyJiffie@sh.itjust.worksEnglish
      1·
      44 minutes ago

      did you ever use jitsi? its not a chat platform, but one for video calls. it supports screen sharing and its very good. it works standalone, there are public instances

      matrix used to use jitsi for group calls. I don’t know what does it use now as a transition to an in house service has been in the works for a few years now, and element call just now starts to get mature enough, but I’m almost sure you can do screen sharing right now too. but try to check how usable it is before you try to get your friends to use it. if it doesn’t work well, they may not accept your advice (as easily) in the future to switch chat providers

      • redwattlebird @lemmings.worldEnglish
        2·
        41 minutes ago

        Absolutely! I brought it into another group for corporate stuff and it was great. We also used it over COVID lockdown for games with another group of friends.

        I’ll do more research on Matrix and see if i can set something up for a truly seamless transition. Thanks for the suggestion!

  • echo@lemmy.tfEnglish
    11·
    4 hours ago

    Ah yes, another reason not to give me ID to these tech companies. Anyone that demands my ID online can go fuck themselves while I find a replacement service.

  • fmstrat@lemmy.nowsci.comEnglish
    12·
    5 hours ago

    Best part:

    The unauthorized party gained access to “information from a limited number of users who had contacted Discord through our Customer Support and/or Trust & Safety teams”

  • Broken@lemmy.mlEnglish
    11·
    8 hours ago

    My take on this is a little more fundamental than the whole ID/age thing. We all knew this would happen, and why? Because nobody has addressed the first problem. Security is only as strong as the weakest link, and companies are not transparent with customers.

    Companies spell out in their Terms and Privacy statements that they have Affiliates that data gets shared with. And they want you to accept them all blindly, without clarifying who they are and what they do.

    Even here, with a reported breach, they are not naming them and just calling them “third party”. So they screwed up and many people have their information and IDs out in the wild because if them, but we don’t even get to know who they are?

    His are we to trust a company of we don’t know who they’re in bed with? How are we to rate their security and assess our risk of using their service without all the information?

    As far as I can tell Discord handled it pretty well as far as breaches go. But maybe if I know they are using a shit company as one of their vendors I might think twice about using them.

    Its the same logic as the next article in my feed, where crunchyroll is getting pushback from the subtitle service they are using. And that’s not even their own security in mind. People make choices based on what companies do, so be transparent with it all and we will have the warm fuzzies if things match up. If they don’t then the company gets customer feedback so they can adjust.

  • Annoyed_🦀 @lemmy.zipEnglish
    20·
    11 hours ago

    One of Discord’s third-party customer service providers was compromised by an “unauthorized party,” the company says.

    So, not Discord but a 3rd party company that handle Discord’s customer service, and if you didn’t use their customer service then you’re not affected.

    • masterofn001@lemmy.caEnglish
      5·
      52 minutes ago

      So, Discord - by forcing your acceptance of their tos which renders them immune from damages done by "third parties*

      By offloading a term of service that Discord requires you to provide.

      If they force you to give the info, they are responsible for handling and storing it properly, no matter what some evil lawyer or exec says.

      If laws make bad things legal because rich people can use words, then there needs to be some form of redress to return the spirit of the laws to the people.

      Maybe we all make usernames with a legally binding personal ToS that is deemed agreed upon by the corporation accepting the username.

      This is just a shell game and they are conmen.

      • masterofn001@lemmy.caEnglish
        1·
        47 minutes ago

        Moral of the story - tech co’s and gov id requirements are evil and have no basis in actual security.

        Now that peoples data has been exposed, they are susceptible to id theft. So, how does a site or gov deal with that?

        There suddenly are over 9000 Stan Smith’s on the site. Weird.

        Well, guys, for the safety of… … (Murmuring… We’re using the kids as justification this time or terrorism… Kids. OK.) the children, we will require a blood sample to verify your genetic code.

        Thank you and have a nice day and welcome to gattaca.

  • sol6_vi@lemmy.makearmy.ioEnglish
    292·
    12 hours ago

    I wish I could convince my giant discord community to go anywhere else. It’s so fucking hard. I’ve built IRC networks and a matrix server. I host every fediverse app imaginable. I hate being attached to this company and my income being reliant on it.

    • Dran@lemmy.worldEnglish
      17·
      11 hours ago

      Back in the day when our community was switching from xmpp to discord, our solution was to write a bot on either end that relayed messages from one to the other. The xmpp bot got more and more naggy over time until eventually we put the xmpp side in read-only for everyone except the relay bot. It did a good enough job at building momentum to switch that the final holdouts came over when we went r/o.

      You might consider building something similar if you want to make a genuine effort to switch to matrix or IRC. A relay bot solves the problem of the first people being punished by virtue of being first.

      • sol6_vi@lemmy.makearmy.ioEnglish
        6·
        11 hours ago

        Its a good suggestion and something I’ve considered. Unfortunately we’re using conduit as our server and that type of integration doesn’t seem to work well outside of synapse. That said I know some people have gotten it working I just need to dig a little deeper. It’s a chore for sure but it seems like the only path forward.

    • Brewchin@lemmy.worldEnglish
      22·
      11 hours ago

      FTA: The IDs leaked were from people appealing age verification.

      That’s different from the age verification process, which goes through a third party provider.

      In short, the leaked IDs were from a standard shitty support platform (Zendesk, Salesforce, etc), not the much-advertised “safe and private” age verification system.

    • kbobabob@lemmy.dbzer0.comEnglish
      16·
      12 hours ago

      Very first question in FAQ:

      Q: Does Discord or k-ID keep my selfie data?

      A: Discord only logs the k-ID age verification results used to unlock your account—it doesn’t save your selfie image. For questions about k-ID’s processes, please contact k-ID.

      So they are going to blame someone else.

  • Rooty@lemmy.worldEnglish
    92·
    18 hours ago

    Official statement from Discord: “Oopse woopse we did a fucky wucky. Sue us hahaha you won’t”

    • HexesofVexes@lemmy.worldEnglish
      261·
      14 hours ago

      This was kind of breach so predictable even surprisedpikachu.txt isn’t enough, but it must be done.

      ⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿ ⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿ ⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿ ⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿ ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿

      • I Cast Fist@programming.devEnglish
        7·
        12 hours ago

        put the pikachu part in code so it’ll render monospaced ;)

        ⢀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⠀⣠⣤⣶⣶
⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⠀⠀⢰⣿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣀⣀⣾⣿⣿⣿⣿
⣿⣿⣿⣿⣿⡏⠉⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⣿
⣿⣿⣿⣿⣿⣿⠀⠀⠀⠈⠛⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⠉⠁⠀⣿
⣿⣿⣿⣿⣿⣿⣧⡀⠀⠀⠀⠀⠙⠿⠿⠿⠻⠿⠿⠟⠿⠛⠉⠀⠀⠀⠀⠀⣸⣿
⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣿⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⣴⣿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⢰⣹⡆⠀⠀⠀⠀⠀⠀⣭⣷⠀⠀⠀⠸⣿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠈⠉⠀⠀⠤⠄⠀⠀⠀⠉⠁⠀⠀⠀⠀⢿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⢾⣿⣷⠀⠀⠀⠀⡠⠤⢄⠀⠀⠀⠠⣿⣿⣷⠀⢸⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⡀⠉⠀⠀⠀⠀⠀⢄⠀⢀⠀⠀⠀⠀⠉⠉⠁⠀⠀⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⣿
  • frustrated_phagocytosis@fedia.io
    294·
    22 hours ago

    No, that can’t be right. Forced use of photo ID for age verification couldn’t possibly lead to leakage of said IDs. The purity police assured us!