Overview
- Security researchers found a publicly accessible Persona frontend on a US government–authorized endpoint with 2,456 files, which were later removed.
- The exposed materials describe 269 verification checks across 14 types, including facial matching against watchlists and politically exposed persons and screening for adverse media such as terrorism and espionage.
- Documentation reviewed by researchers indicates Persona can collect IP addresses, device fingerprints, government IDs, phone numbers, names, and selfies with analytics, with potential retention of up to three years.
- Discord says it has launched an internal review and strengthened safeguards; some users in the UK reported notices stating Persona could retain submitted data for up to seven days during checks.
- Reporting cites Discord as indicating it will not continue to use Persona for age verification, while user backlash grows with polls, canceled subscriptions, and surges in searches for alternatives.