The Discord Hack is Every User’s Worst Nightmare — Why Uploaded IDs are a Problem
“A hack impacting Discord’s age verification process shows in stark terms the risk of tech companies collecting users’ ID documents. Now the hackers are posting people’s IDs and other sensitive information online.”
This was EXACTLY my concern about having to upload one's ID document to any private (or government) website. Neither a private organisation nor most government websites are immune to hacking. A password is easy to change, but an ID document is often a nightmare to change, and the ID number anyway stays the same.
A fine does absolutely zero to benefit any end users, either. In South Africa we do have the POPI Act that has restrictions on what sort of data may be collected and stored about individuals, but in practice that is still a big problem as companies always want to collect for the sake of collecting. We've yet to see any CEO or a government official do jail time for weak controls of hacked sites.
We need more severe penalties for companies (and governments) who lose control of private data, as well as for the hackers, and also to limit what really needs to be collected. At least I am finding now most banks and private organisations, who require some personal data for tax purposes, do insist it is encrypted with a password before sending over e-mail. Things are improving, but are still way behind where they need to be by now in 2025.
See https://www.404media.co/the-discord-hack-is-every-users-worst-nightmare

#technology #privacy #hacks