ARC Raiders Privacy Breach: Game Logged Private Discord Messages Until Hotfix

A significant privacy breach was discovered in ARC Raiders, where the game was secretly recording players' private Discord direct messages without their knowledge. The issue, which has since been addressed by developer Embark Studios, involved the game logging sensitive conversation data through its Discord integration.

How the Privacy Issue Was Discovered

The problem came to light when computer engineer Timothy D. Meadows investigated the game's behavior and shared his findings in a detailed blog post. According to Meadows' investigation, ARC Raiders was writing private Discord conversations to a plain text log file stored locally on players' computers when the Discord integration was enabled.

The log file reportedly contained the full content of private messages exchanged between users, creating a significant privacy risk. Even more concerning, Meadows discovered that a Discord bearer authentication token was also being saved in the same file.

The Security Implications

This logging behavior created multiple potential security vulnerabilities. In theory, anyone with access to the affected computer could potentially view those private messages. The issue extended beyond just local access - crash reports and certain local applications could also potentially access this sensitive data.

The problem was specifically linked to the Discord SDK used in the game, and it only affected players who had connected their Discord accounts with ARC Raiders. Players who never linked their Discord accounts were not affected by this privacy breach.

Developer Response and Resolution

Shortly after the issue became public, Embark Studios responded quickly to address the situation. The studio confirmed that the Discord SDK had logged more user information than intended, acknowledging the privacy concerns raised by the community.

In their statement, Embark Studios assured players that the data was never transmitted outside the user's computer and that the developers never accessed or stored the messages themselves. This clarification was important to address concerns about potential data harvesting or misuse.

A hotfix was promptly released that disables the problematic logging behavior, effectively stopping the game from recording private Discord conversations. The studio also stated that it is performing a deeper audit to ensure similar issues do not appear in the future.

Context and Impact

This incident highlights the potential privacy risks that can arise from third-party SDK integrations in games. The Discord SDK, while designed to enhance social features and connectivity, inadvertently created a vulnerability that could expose sensitive user data.

For players who had linked their Discord accounts to ARC Raiders, this meant that their private conversations were being stored in an unsecured manner on their local machines. While the data wasn't being transmitted externally, the local storage of such sensitive information still represented a significant privacy concern.

Moving Forward

The quick response from Embark Studios demonstrates the importance of prompt action when privacy issues are discovered. By releasing a hotfix and committing to a deeper audit of their systems, the developer has taken steps to rebuild trust with their player base.

This incident serves as a reminder for both developers and players about the importance of privacy considerations in gaming. Developers need to carefully vet third-party integrations and their data handling practices, while players should remain aware of the privacy implications when linking accounts between different services.

The ARC Raiders Discord channel has been updated with information about this issue, providing players with the latest details on the resolution and any remaining concerns about their data privacy.