Engineer Catches Discord Saving Unencrypted Copies of Users' Conversations, Authentication Tokens

Arc Raiders, a popular third-person multiplayer extraction shooter game, has come under scrutiny after players found out that the game was recording private Discord conversations and account tokens into an unencrypted local log file. Players who linked Discord to Arc Raiders and kept the communication platform open during gameplay were exposed to this vulnerability, though only two players are known to have been affected.

Per a blog post published on March 3 by security researcher Timothy D. Meadows, the log files contained full Discord Bearer tokens and message content. Meadows says the problem started with how Arc Raiders used Discord's Social SDK to implement in-game social tools, including one that displays a player's game status. The system reportedly recorded nearly everything from the SDK without filtering out sensitive information, allowing DMs and login tokens to appear in local logs.

Meadows' findings raise questions about Discord's SDK design ...