ARC Raiders Players Exposed to Privacy Risk via Discord Integration Flaw
A security vulnerability in ARC Raiders, developed by Embark Studios, has exposed players’ private Discord data due to improper logging practices. Computer engineer Timothy D. Meadows reported that the game’s Discord integration was writing users’ private direct messages (DMs) and friends list activity in plaintext to a local log file, stored at C:\Users\<username>\AppData\Local\PioneerGame\Saved\Logs.
While Meadows initially suggested the flaw could allow unauthorized message sending, he later corrected this, clarifying that the exposed Discord bearer token only granted access to modify voice settings not impersonate users. However, the logs still posed a significant privacy risk, as they could be accessed by other applications on the same machine or included in crash reports, potentially exposing private conversations to third parties.
Meadows disclosed the issue publicly after Embark Studios failed to respond to his initial report a month prior. The developer later acknowledged the problem on its private Discord server, confirming that no data was transmitted outside users’ machines. Embark stated it had deployed a hotfix to disable excessive Discord SDK logging and was conducting a deeper audit. Players were advised to restart the game to apply the update.
The incident highlights the risks of improper data handling in gaming integrations, particularly when sensitive third-party communications are logged without adequate safeguards.
Source: https://www.gamingbible.com/news/platform/pc/arc-raiders-security-breach-460066-20260305
Embark Studios cybersecurity rating report: https://www.rankiteo.com/company/embark-studios-ab
Discord cybersecurity rating report: https://www.rankiteo.com/company/discord
"id": "EMBDIS1772736200",
"linkid": "embark-studios-ab, discord",
"type": "Vulnerability",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'ARC Raiders players',
'industry': 'Video Game Development',
'name': 'Embark Studios',
'type': 'Company'}],
'attack_vector': 'Improper Logging Practices',
'customer_advisories': 'Players were advised to restart the game to apply the '
'update.',
'data_breach': {'data_encryption': 'No (plaintext logging)',
'data_exfiltration': 'No (data remained local but accessible '
'to other applications)',
'file_types_exposed': 'Log files (.log)',
'personally_identifiable_information': 'Potentially (Discord '
'user activity and '
'messages)',
'sensitivity_of_data': 'High (private communications)',
'type_of_data_compromised': 'Private Discord direct messages '
'(DMs) and friends list activity'},
'description': 'A security vulnerability in *ARC Raiders*, developed by '
'Embark Studios, exposed players’ private Discord data due to '
'improper logging practices. The game’s Discord integration '
'was writing users’ private direct messages (DMs) and friends '
'list activity in plaintext to a local log file. While the '
'exposed Discord bearer token only granted access to modify '
'voice settings, the logs posed a significant privacy risk as '
'they could be accessed by other applications or included in '
'crash reports.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'privacy risk',
'data_compromised': 'Private Discord direct messages (DMs) and '
'friends list activity',
'systems_affected': 'ARC Raiders game client'},
'investigation_status': 'Resolved (hotfix deployed)',
'lessons_learned': 'Highlights risks of improper data handling in gaming '
'integrations, particularly when sensitive third-party '
'communications are logged without adequate safeguards.',
'post_incident_analysis': {'corrective_actions': 'Disabled excessive Discord '
'SDK logging, conducting a '
'deeper audit of logging '
'practices',
'root_causes': 'Improper logging practices in '
'Discord SDK integration, storing '
'private data in plaintext log '
'files'},
'recommendations': 'Implement stricter logging controls, avoid storing '
'sensitive data in plaintext, and ensure timely responses '
'to security disclosures.',
'references': [{'source': 'Timothy D. Meadows (Computer Engineer)'}],
'response': {'communication_strategy': 'Acknowledged the issue on private '
'Discord server',
'containment_measures': 'Deployed a hotfix to disable excessive '
'Discord SDK logging',
'recovery_measures': 'Players advised to restart the game to '
'apply the update',
'remediation_measures': 'Conducting a deeper audit of logging '
'practices'},
'stakeholder_advisories': 'Embark Studios acknowledged the issue on its '
'private Discord server and advised players to '
'restart the game.',
'title': 'ARC Raiders Players Exposed to Privacy Risk via Discord Integration '
'Flaw',
'type': 'Data Exposure',
'vulnerability_exploited': 'Excessive Discord SDK logging writing private '
'data to local log files in plaintext'}