🔴 BreakingGAMING

Arc Raiders Logged Discord DMs and Tokens in Plaintext, Embark Says Hotfix Coming

A security researcher discovered that Embark Studios' extraction shooter was writing private Discord messages and authentication tokens to unencrypted local files — putting player accounts at risk.

A
Alfansa
March 6, 2026📖 3 min read

The Disclosure

Security researcher Timothy Meadows disclosed this week that Arc Raiders, the multiplayer extraction shooter from Embark Studios, was logging players' private Discord direct messages and authentication tokens to plaintext files on their computers when Discord integration was enabled.

The discovery sent ripples through the game's community and prompted the developer to announce an emergency hotfix. The plaintext logs were stored locally in an easily accessible directory — meaning any application, malware, or person with access to the machine could read private conversations and, critically, Discord auth tokens that could be used to hijack accounts.

📊
DMs
Logged in Plaintext
Auth Tokens
Stored Unencrypted
Hotfix
Emergency Patch Incoming

What Was Exposed

According to Meadows' findings, the logging occurred whenever a player had Discord's Rich Presence or overlay integration active while running Arc Raiders. The game's integration layer captured data from Discord's API — including message content and session tokens — and wrote it to local log files without any encryption or obfuscation.

Data TypeRisk
Private DMsPersonal conversations readable by any local process or user
Auth TokensCould be used to hijack Discord accounts without a password
Log File LocationStored in an easily accessible local directory — no admin rights needed to read
Critical risk: Discord auth tokens stored in plaintext can be used to fully access a user's Discord account — read messages, join servers, and send messages as that user — without needing their password or 2FA code.

Embark's Response

Embark Studios acknowledged the issue and announced an emergency hotfix is in development. The studio described the logging as "unintentional debug behaviour" that should have been stripped before the public build shipped. They advised players to disable Discord integration in Arc Raiders' settings until the patch is live, and to delete any local log files in the game's installation directory.

Players who suspect their tokens may have been exposed were also advised to reset their Discord passwords and enable two-factor authentication if they have not already done so.

What to Watch

The incident highlights how deeply third-party integrations — even common ones like Discord Rich Presence — can create attack surfaces when implemented carelessly. Embark has not yet confirmed a timeline for the hotfix, but community pressure makes a rapid turnaround likely. Players should disable Discord integration and purge local logs immediately.

Related Coverage

Legal

Epic Games Sues Fortnite Leaks Contractor

Former contractor allegedly ran leaks account "for clout" while inside the company.

GTA 6

Rockstar Pulls GTA 6 IDs from PS Store

Title IDs removed after fans exploited a profile glitch to fake "Recently Played."

Indie

Slay the Spire 2 — 430K Peak

Mega Crit's sequel crashed Steam and set the roguelike record.

Tags

#Arc Raiders#Embark Studios#Discord#Security#Privacy#Hotfix
A

Written by

Alfansa

Gaming & Entertainment

Part ofObjectWirecoverage
📩 Newsletter

Stay ahead of every story

Breaking news, deep-dives, and editor picks — delivered straight to your inbox. No spam, ever.

Free · Unsubscribe anytime · No ads