Hi Reader,
In this week’s news, we’ve seen another substantial breach — this time at Discord, the platform millions of us use daily for chat, calls, and community.

An attacker gained access to a third-party vendor handling Discord’s age-verification appeals.
During just 58 hours of access, they made off with the sensitive ID images of more than 70,000 users — passports, driver’s licences, and more.

While serious on its own, this breach is a symptom of a much bigger issue.

⚖️ Laws Without Guardrails

Across the US, UK, and now Australia, new “protect the children” laws are rolling out. These require social platforms to verify user age — often on a short timeline — but without clear rules on how the collected data must be stored or protected.

So companies turn to third-party verification providers. Those providers, in turn, become the weak link.

When those third parties are breached, it’s not just usernames — it’s real names, faces, and government IDs being stolen.

💡 There’s a Better Way

Instead of uploading your ID to every platform, the future lies in Zero-Knowledge Proofs — secure systems that can simply answer “yes” or “no” to whether a user meets an age threshold, without revealing any private information.

We already have identity providers capable of doing this safely. They just need to be used properly.

💰 The Cost of Carelessness

The familiar corporate line — “Don’t worry, your data is safe with us” — doesn’t cut it.

For those 70,000 users, this breach could mean enough personal data in criminal hands to:
- Take out loans in their name,
- Commit identity fraud, or
- Build targeted phishing attacks nearly impossible to detect.

Cybercrime is now the third-largest economy in the world, behind the US and China.
It’s not about if data is exploited — it’s when.

🛡 What You Should Do Now

• Check your email. Discord should notify you if your data was part of the breach.
• Stay alert for phishing. Scammers may use this info to impersonate support staff or contacts.
• Monitor your finances for suspicious transactions.
• Use unique passwords and MFA across all your accounts.
• Avoid uploading IDs unless absolutely necessary — and only to trusted, regulated services.
• Request data deletion from platforms that have your ID stored.
• Freeze your credit if possible. It’s a hassle when you apply for a loan, but far easier than untangling debt caused by identity theft.

Stay safe out there,
Mat C

Joke: I used to be indecisive, but now I’m not so sure. 😅

P.S: To help minimise your own exposure in future breaches, check out SecureAlias — my email masking service. I’ve personally used it over 30 times, and it’s saved me from spam, tracking, and marketing overload.

One site I tested sent me 80 emails in 5 days. With SecureAlias, I silenced them instantly — no unsubscribing, no fuss. If that address ever leaks in a breach, it won’t expose any of your other accounts. Total control, total peace of mind.