Key Takeaways
1. ARC Raiders was found to be capturing private Discord chats due to a flaw in the Discord SDK.
2. The issue was discovered by computer engineer Timothy D. Meadows, who reported that private messages were saved in a plain text log file on players’ machines.
3. The log file included complete texts of private messages and a Discord bearer authentication token, raising security concerns.
4. Only players who linked their Discord accounts with ARC Raiders were affected; those who did not link their accounts were not impacted.
5. Embark Studios quickly addressed the issue with a hotfix, assured players that the data was not shared externally, and is conducting a thorough audit to prevent future problems.
A recent privacy concern has emerged in ARC Raiders, revealing that the game was capturing private Discord chats. This issue has been resolved, with developer Embark Studios swiftly deploying a hotfix to eliminate the problem once it was uncovered.
Discovery of the Issue
This issue was initially uncovered by computer engineer Timothy D. Meadows, who detailed the matter in a blog entry. His investigation revealed that when Discord integration was activated, the game was recording private direct messages between users. These messages were being saved in a plain text log file on the player’s machine.
Content of the Log File
Reportedly, the log file included the complete text of private messages exchanged among users. Furthermore, Meadows found that a Discord bearer authentication token was also being stored in this same file. This raised concerns, as it meant that anyone with access to the computer, crash reports, or specific local applications could potentially read these messages.
Specifics of the Issue
The problem was directly tied to the Discord SDK utilized in the game, impacting only those players who had linked their Discord accounts with ARC Raiders. Players who did not connect their Discord accounts were not impacted at all.
Shortly after the issue gained attention, Embark Studios acknowledged it and confirmed that the Discord SDK had recorded more user information than was supposed to. They reassured players that the data was never shared outside of the user’s computer and that the developers did not access or keep the messages. A hotfix has been rolled out to disable the problematic logging, and the team mentioned that they are conducting a more thorough audit to ensure that similar issues do not occur in the future.
Source:
Link