Discord DMs and Authentication Token Logged by ARC Raiders

An issue involving account connections between the chat application Discord and the game ARC Raiders resulted in private user data being logged locally.

Private Data Discovery

Timothy Meadows identified the issue in a blog post, noting that private Discord Direct Messages (DMs) between two users were recorded in plaintext to a local game log file during ARC Raiders gameplay. Additionally, a full Discord Bearer authentication token was found stored in the same log file.

Private Discord Direct Messages (DMs) and a full Discord Bearer authentication token were recorded in plaintext to a local game log file during ARC Raiders gameplay.

Embark Studios' Response and Hotfix

Embark Studios, the developer of ARC Raiders, addressed the matter in an announcement within their Discord community. The studio stated that a hotfix was being developed to resolve an issue where the Discord SDK logged excessive user information.

Embark Studios affirmed that private and/or personal data was not transmitted outside the user's machine, and the company has not reviewed or retained such information.

The Discord SDK logging functionality was disabled, and a deeper audit was initiated to prevent further issues. The hotfix was live at the time of the original article's publication.

Embark Studios affirmed that "private and/or personal data was not transmitted outside the user's machine, and the company has not reviewed or retained such information."

Broader Implications for Data Privacy

The incident highlights potential data privacy and security risks associated with linking accounts between different services, such as Discord and games. It demonstrates how information that users consider private can become accessible through integrated applications.

This incident underscores how information users consider private can become accessible through integrated applications, revealing inherent data privacy and security risks.