Researchers have uncovered significant vulnerabilities in age verification systems used by platforms like Discord, leading to concerns about user privacy and potential data misuse. The exposed systems, particularly those provided by the vendor Persona, allowed access to sensitive user information, including identification documents and biometric data. These revelations follow a previous incident where 70,000 Discord users' IDs were compromised through a separate third-party vendor.

Security Lapses and Data Access
Security researchers have brought to light a critical issue concerning the Persona age verification system, which was briefly used by Discord.
A publicly accessible Persona frontend was discovered on a US government-authorized server.
Researchers found 2,456 files available for access on this exposed frontend.
The system, intended for age verification, is described as processing identity documents and selfies.
Persona's Role and Public Response
Persona provides identity verification services for several major online platforms, including Roblox, Discord, Reddit, and ChatGPT. The recent findings have prompted significant scrutiny.

Discord has stated it will not continue using Persona for age verification.
Persona CEO Rick Song has released email correspondence with security researchers regarding the allegations.
Researchers described the system as a "large-scale identity surveillance setup" that users were likely unaware of.
Previous Discord Data Breach
The concerns about Persona follow an earlier incident impacting Discord users.

In October 2025, hackers accessed a third-party service used by Discord for age verification.
This breach resulted in the potential exposure of identification documents belonging to approximately 70,000 users.
The compromised data included names, Discord usernames, email addresses, and other contact details.
Nature of the Exposed Persona System
The Persona system's architecture and the type of data it processes have raised specific alarms.
Read More: Uber Eats App Not Working in US and UK on Friday Causing Order Problems
The system outlines 269 distinct verification checks.
Researchers indicated that these checks involved direct government filings, rather than simple data integrations.
The presence of the system on dedicated infrastructure, separate from common cloud services, was noted as unusual.
Expert and User Reactions
The exposure of these vulnerabilities has led to widespread concern among users and security experts.
Users have expressed distrust regarding platforms handling sensitive personal information.
The trend of age verification legislation globally is seen as creating new targets for data exposure.
Experts advise users to be cautious of any application requesting biometric verification or government IDs.
Conflicting Narratives
While researchers have presented evidence of system vulnerabilities and potential surveillance, Persona has emphasized its privacy-focused approach.
Persona markets its tools as "privacy-focused compliance infrastructure."
CEO Rick Song has engaged in public correspondence to address the security researchers' findings.
The exact scale and intent of the data handling within the Persona system remain points of contention between researchers and the company.
Investigations and Future Implications
The revelations regarding Persona's exposed systems are under active investigation.
Discord has taken steps to end its relationship with Persona.
The incidents highlight the risks associated with third-party vendors handling sensitive user data.
Calls for stricter oversight and enhanced security protocols for identity verification systems are expected to increase.
Sources
Malwarebytes: https://www.malwarebytes.com/blog/news/2026/02/age-verification-vendor-persona-left-frontend-exposed
Piunikaweb: https://piunikaweb.com/2026/02/19/persona-age-verification-surveillance-allegations/
Secure.com: https://www.secure.com/blog/the-watchers-persona-code-leak
Ars Technica: https://arstechnica.com/tech-policy/2026/02/discord-faces-backlash-over-age-checks-after-data-breach-exposed-70000-ids/
Proton: https://proton.me/blog/discord-age-verfication-breach
Core Insights International: https://www.coreinsightsintl.com/post/discord-breach-exposes-70-000-government-ids-through-age-verification-vendor
Daily Security Review: https://dailysecurityreview.com/cyber-security/discord-confirms-potential-age-verification-vendor-breach-impacting-about-70000-users/