Overview
- Security researcher Timothy D. Meadows reported that Arc Raiders’ Discord integration wrote private direct messages, presence data, and a full Discord Bearer token to a local plaintext log when accounts were linked.
- The locally stored logs could be read by other applications or end up in crash or bug-report uploads, creating potential exposure of messages and tokens to third parties with access.
- Embark Studios released a same-day update that disabled Discord SDK logging and stated it had not transmitted or reviewed any private data.
- Post-patch testing by GamesRadar+ found the game no longer generates the Discord logs, and Embark said a deeper internal audit is underway.
- Meadows said he struggled to find a working bug-bounty contact, and he and outlets advised players to disable the integration and change Discord credentials pending the audit.