Arc Raiders - Discord SDK Data Exposure

inlandempire · 16 days ago

Arc Raiders - Discord SDK Data Exposure

inlandempire · 16 days ago

During gameplay of Arc Raiders, private Discord Direct Message (DM) conversations between two users were found being written in plaintext to a local game log file. Additionally, a full Discord Bearer authentication token was found stored in the same log file. These findings represent serious privacy and security violations that affect all players using Discord integration with the game.

User Ravun adds:

I reported this to the Arc Raider team on 2/2/2026 but have received no response. Hopefully posting it here [arc raiders subreddit] will help keep raiders safe, and bring attention to the issue so that Embark can fix it.

In short, I highly recommend that players Disable discord integration inside of Arc Raiders. I doubt that many actually depend on this integration. Disabling it (disconnecting in settings) will remove the information being written to discord.log

RelativityRanger · 16 days ago

I reported this to the Arc Raider team on 2/2/2026 but have received no response.

What the fuck lol

Tetsuo · 16 days ago

Correction from the author :

I originally reported that the bearer token had the ability to send a message on the user behalf. This was in error due to my misunderstanding of the permission rpc.voice.write. This permission only allows the token holder to change the users voice settings. It does not allow them to send a message as the user. This has been corrected in the article below to give the correct abilities. This message serves as a retraction notice.

I’ll be honest this looks poorly researched. There is probably something to fix in the Arc Raiders logging but it’s not anything critical.