Discord Security Incident: No k-ID Involvement

Repost from Tony Allen, Age Check Certification Scheme

‍
STATEMENT: Apparent Data Breach relating to age verification data held on behalf of Discord Inc.

October 9, 2025

We are aware of the recent Discord security incident, which involved a third-party customer service provider and appears to have resulted in the exposure of certain customer IDs and documents.

We have investigated this matter and the extent to which it may relate to our certified client k-ID, an age verification orchestration service provider used by Discord. We are satisfied that this incident does not involve k-ID. Their systems and partners’ systems have not been breached. Our assessment and certification of k-ID is that they never store ID documents, so this category of data is not at risk within their ecosystem.

Our investigations have revealed that a different service provider of customer service solutions may have been handling complaints on behalf of Discord (neither of which are certified by ACCS). These may have related to failed attempts at age verification. Those complaints were not referred back to k-ID and were apparently handled by the customer services third party. We are not able to comment on what that third party may, or may not, have done - nor on the appropriateness of their data handling and security practices because they are not a certified client of ACCS.

You can find further information about all of our certified clients at https://www.accscheme.com/. I can assure you that our auditors take scrupulous care to ensure appropriate and safe data handling practices - with a focus on data minimisation and purpose limitation - of our clients and in accordance with our authorisation by the Information Commissioner's Office to provide UK GDPR Art.42 approved certification.

‍

‍