It has been discovered that ARC Raiders players may be open to a serious security breach.
Reported by computer engineer Timothy D. Meadows, ARC Raiders is allegedly hosting a serious data breach for users who have activated in-game Discord integration.
Posting on his personal blog, Meadows wrote: âDuring gameplay of Arc Raiders, private Discord Direct Message (DM) conversations between two users were found being written in plaintext to a local game log file.”
This is incorrect. Messages cannot be sent on the users behalf.
He later issued a correction saying âI originally reported that the bearer token had the ability to send a message on the user behalf. This was in error due to my misunderstanding of the permission rpc.voice.write.
âThis permission only allows the token holder to change the users voice settings. It does not allow them to send a message as the user.”
âAdditionally, a full Discord Bearer authentication token was found stored in the same log file. These findings represent serious privacy and security violations that affect all players using Discord integration with the game.â
Meadows breaks down the data in the blog, claiming that private DM content and friendsâ list activity is being saved to a log file in the gameâs files.
These files are apparently being stored in “C:Users<username>AppDataLocalPioneerGameSavedLogs” on your PC.
Essentially, it appears that if you have Discord integration activated in-game on ARC Raiders, you may potentially be having your private messages read by third-parties with access to this log.
As Meadows puts it, âAny private conversation received while the game is running is written to disk. Log files may be included in crash reports or bug report uploads. Log files may be accessible to other applications on the same machine. Third parties with access to the machine or crash reports can read private conversationsâ.
If youâre playing ARC Raiders, itâs advisable to disconnect Discord support immediately and stop using the app while the game is running.
Meadows allegedly brought this to Embark Studios’ attention a month ago. When the developer did not respond, he made the information available publicly.
Meadows later wrote that Embark addressed the issue on their private Discord server, saying: âThe team is also working on a hotfix to address an issue where the Discord SDK logged excessive user information. Rest assured that your private and/or personal data was not sent outside your machine and Embark has not (and will not) review or keep such information. We will disable the Discord SDK logging and are conducting a deeper audit to ensure no further issues. If you have questions or concerns, please contact our support team.â
The developers said they have âmanually departed players who were unable to join the Expedition. Please check your Raiderâs status and if youâre still stuck, reach out to support by submitting a bug report for missing rewards.â
Embark has also confirmed via its Discord that the hotfix is live now, and players will need to restart their game to download it. Be sure to download this hotfix and refresh your Discord client to be safe.
