These three hackers accidentally just found a huge surveillance system that was hiding behind age checks. You see, Celestea, MDL, and Dierwa were looking for ways to bypass the age verification provider called Persona since so many companies started using them recently, including platforms like Roblox and Discord. But according to this massive report they just posted, what they accidentally found instead was that apparently Persona, Open AI, and the US government were using face scans to build an identity surveillance system that basically confirms what people already suspected about age checks.

So apparently Persona left a front end connected to a US government authorized server with over 2,000 internal files just sitting there completely exposed. And the most important findings were that when you submit a face scan or a government ID, both of them get put on a watch list that starts tracking you under 13 different list types from digital fingerprints and device IDs all the way to geolocation. And the system can even track any crypto addresses you might connect to for a total of 269 verification checks that get tied to a single identity. And the craziest part is that these hackers didn't break the law to find all this data. This information was just left completely exposed for anybody that knew exactly where to look.

Discord's third party vendor Persona just got hacked and exposed. Anyone who did age verification with Discord, and by extension Persona, could be extensively tracked and watched. New video will be up at 10:40 AM PST pic.twitter.com/DUYL2957X6

— DeepHumor (@DeepHumor) February 20, 2026