{“lastseen”:”2026-02-20T16:05:07″,”description”:”Three researchers investigating Discord\u2019s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far more expansive surveillance and financial intelligence stack than a simple \u201cteen safety\u201d tool.\\n\\nA short while ago we reported that Discord will limit profiles to teen-appropriate mode until you verify your age. That means anyone would wants to continue using Discord as before would have to let it scan their face\u2014and the internet was far from happy.\\n\\nTo analyze these scans, Discord uses biometric identity verification start-up Persona Identities, Inc. a venture that offers Know Your Customer (KYC) and Anti-Money Laundering (AML) solutions that rely on biometric identity checks to estimate a user\u2019s age.\\n\\nTo demonstrate the privacy implications, researchers took a closer look and found a publicly exposed Persona frontend on a US government\u2013authorized server, with 2,456 accessible files. \\n\\nYou read that right. According to the researchers, the exposed code, which has now been removed, sat at a US government-authorized endpoint that appears to have been isolated from its regular work environment.\\n\\nIn those files, the researchers found details about the extensive surveillance Persona software performs on its users. Beyond checking their age, the software performs 269 distinct verification checks, runs facial recognition against watchlists and politically exposed persons, screens \u201cadverse media\u201d across 14 categories (including terrorism and espionage), and assigns risk and similarity scores.\\n\\nPersona collects\u2014and can retain for up to three years\u2014IP addresses, browser and device fingerprints, government ID numbers, phone numbers, names, faces, plus a battery of \u201cselfie\u201d analytics like suspicious-entity detection, pose repeat detection, and age inconsistency checks.\\n\\nAt a time when age verification is very much a hot topic, this is not the kind of news to persuade privacy advocates that age verification is in our best interest. Sending data obtained during age verification checks to data brokers and foreign governments\u2014reportedly Persona was tested by Discord in the UK\u2014will not install the level of trust needed for users to feel comfortable submitting to this kind of scrutiny.\\n\\nThis comes amid broader questions about whether age verification is actually doing what it\u2019s supposed to do. Euronews looked at the effect of Australia\u2019s world-leading ban on social media for under-16s. Australia\u2019s new rules have only been in force for six weeks, but while the country\u2019s internet regulator says it has shut down about 4.7 million accounts held by under\u201116s on platforms like TikTok, Instagram, Snapchat, YouTube, X, Twitch, Reddit, and Threads, children and parents describe a very different reality. Interviews with teenagers, parents and researchers indicate that many children are still accessing banned apps through simple workarounds.\\n\\nAccording to The Rage, Discord has stated it will not continue to use Persona for age verification. However, other platforms reported to use Persona include:\\n\\n * **Roblox** : Uses Persona\u2019s facial age estimation and ID verification as the core of its \u201cage checks to chat\u201d system.\\n * **OpenAI \/ ChatGPT** : OpenAI\u2019s help center explains that if you need to verify being 18+, \u201cPersona is a trusted third-party company we use to help verify age,\u201d and that Persona may ask for a live selfie and\/or government ID.\\n * **Lime:** The ride-sharing service deploys custom age verification flows with Persona to meet each region’s unique requirements.\\n\\n\\n\\n* * *\\n\\n**We don ‘t just report on threats – we help protect your social media**\\n\\nCybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.”,”published”:”2026-02-20T14:08:39″,”modified”:”2026-02-20T14:08:39″,”type”:”malwarebytes”,”title”:”Age verification vendor Persona left frontend exposed”,”source”:””,”references”:””,”id”:”MALWAREBYTES:AAC4C47E6D764C495FFAA1086EFFEEC4″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2026\/02\/age-verification-vendor-persona-left-frontend-exposed”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-20T16:05:07″,”description”:”Three researchers investigating Discord\u2019s age-verification checks say they discovered an exposed frontend belonging to Persona, the identity-verification vendor used by Discord. It revealed a far…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-41927","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n