Gamers linking Discord accounts to "Arc Raiders" recently discovered a serious privacy vulnerability.
Security researcher Timothy Meadows reported that private Discord Direct Messages (DMs) were being written in plaintext to a local game log.
Embark Studios Responds With Hotfix
Alarmingly, the full Discord Bearer authentication token was also stored in the same file, according to Meadows' blog post. Although no data was transmitted externally, anyone with access to the local machine could potentially view sensitive information.
To address the issue immediately, Embark Studios, the developer of "Arc Raiders," quickly confirmed the issue on their official Discord. They explained that the Discord SDK logged excessive user data and emphasized that no information was left on players' machines.
A hotfix has now been deployed to disable the problematic logging, and it just took 30 minutes after the issue was reported, Kotaku reported. A full security audit is underway to prevent future breaches. Players concerned about account safety are advised to contact Embark's support team for guidance.
Lessons on Account Connections and Privacy
There's always a risk in connecting third-party accounts in games. Even trusted integrations like Discord can unintentionally expose sensitive data, including chat messages and authentication tokens.
If you're a gamer and want to value your privacy, you should start monitoring your linked accounts regularly. It's also important to understand what data is logged by third-party services. Always read the terms and conditions before proceeding to link your information.
We also recommend you stay updated with developer patches and announcements. It's an underrated practice that some players still miss.
Originally published on Player One
