After researchers found that its front-end code was publicly available, even on servers owned by the US government, Discord severed its connection with Persona, its identity verification program.
Nearly 2,500 files were made public on a government-approved endpoint, according to a blog post published by X researchers on February 16, 2026. According to Fortune, the documents showed that Persona, an AI-powered verification platform that was partly financed by the venture capital firm Founders Fund, which was co-founded by Palantir cofounder Peter Thiel, performed face recognition checks and checked individuals against watchlists that were politically sensitive.
According to Fortune, Persona performs 269 distinct verification checks in addition to age verification. These checks include keeping an eye out for unfavorable media coverage in a variety of sectors, including terrorism and espionage, before assigning risk and similarity scores to user data.
The researchers noted that the endpoint "tags reports with codenames from active intelligence programs" and that "we didn't even have to write or perform a single exploit, the entire architecture was just on the doorstep."
According to Discord, the collaboration involved a small test group and lasted less than a month. The business claims that data submitted may be kept for a maximum of seven days before being removed. Persona continues to offer age verification services for OpenAI, Lime and Roblox, with some funding from Peter Thiel's Founders Fund.
This comes after Discord's handling of third-party data came under investigation. Through customer assistance company 5CA, hackers gained access to nearly 70,000 individuals' government IDs last year. "At Discord, protecting the privacy and security of our users is a top priority," the company stated at the time.
"What was found was uncompressed files of a front end that's already on every single person's device," Persona CEO Rick Song told Fortune, dismissing allegations of a vulnerability. "We have no relationship whatsoever with ICE, Palantir," he continued.
Earlier this month, Discord said that it would soon provide "teen-by-default" settings worldwide, which sparked criticism. Access to age-restricted features now requires age verification through Persona.
Users alleged an October 2025 data breach that exposed over 70,000 official IDs, despite Persona's assurances that uploaded papers and media would be promptly deleted and never stored.
On October 9, 2025, Discord issued a statement regarding the breach, blaming its previous third-party service provider, 5CA, for the error.
The hackers broke into Discord's Customer Support and/or Trust & Safety systems, the company stated. "Recently, we discovered an incident where an unauthorized party compromised one of Discord's third-party customer service providers."
Discord claimed that as soon as it became aware of the attack, it acted quickly, removing the provider's access, initiating an internal investigation with a forensics company, and contacting law enforcement.
"At Discord, safeguarding our users' privacy and security is our first priority," the business stated in the statement. "We value being open and honest with them about events that affect their personal information because of this."
