A recent discovery involving the Discord integration used in Arc Raiders has sparked renewed debate about privacy and security on the popular communication platform. Players investigating the game’s files found that private Discord messages and authentication data were being written into local game log files while the game was running.
The issue quickly drew attention online, with concerns ranging from simple logging mistakes to broader questions about how third-party games are allowed to access Discord data.
Private Messages Found Inside Game Log Files
The controversy began when users discovered that Discord Direct Messages received during gameplay were appearing in plain text inside a local log file generated by the game.
Alongside those messages, players also reported that a Discord bearer authentication token was being written to the same logs. These tokens function similarly to a login credential, allowing access to an account without requiring a password while the session remains valid.
Because the log files are stored locally, this raised several potential risks:
- Private DM conversations being saved to disk while the game is active
- Authentication tokens appearing inside logs
- Friend presence data also recorded in logs
- Log files potentially included in crash reports or shared with support teams
If such files were uploaded to bug reporting systems or accessed by malicious software on a user’s computer, the data could theoretically expose private conversations or account access credentials.
Why Bearer Tokens Are a Serious Security Concern
The presence of a bearer token in a log file is considered a significant security issue.
A Discord bearer token can grant temporary access to various parts of an account, including:
- Reading messages and DMs
- Viewing friend lists and servers
- Accessing account settings
- Maintaining a logged-in session until credentials change
If someone obtains this token, they may be able to interact with the account without knowing the user’s password. Because of this, security researchers typically recommend revoking tokens immediately if they appear in exposed logs.
Players who connected their Discord accounts to Arc Raiders were therefore advised to change their Discord password, which invalidates the current authentication token.
Confusion Over Discord’s Permissions Message
Part of the backlash comes from the permissions message shown when linking Discord to the game.
When players connect their accounts, Discord displays a list of permissions granted to the application, including:
- Access to profile information
- Management of friends lists and blocked users
- Viewing friends and their online status
- Updating activity status
- Sending and receiving game invites
However, the interface also states that the application cannot read or send messages on behalf of the user.
The discovery that DM content appeared in logs led some players to claim this contradicts Discord’s statement.
Others argue that the situation is more complex. The logging may have occurred because the game client already had access to message data during the integration process and improperly recorded it locally.
In that scenario, the problem would lie with how the game handled data rather than with Discord intentionally granting access to DMs.
Embark Studios Responds to the Issue
Embark Studios, the developer behind Arc Raiders, acknowledged the problem shortly after it surfaced.
According to the studio, the issue was caused by excessive data logging from the Discord SDK integration. The team confirmed that a hotfix was being prepared to stop the client from recording unnecessary user information.
The developer also stated that:
- The data remained on the user’s local machine
- The information was not transmitted to external servers
- The studio does not review or store player conversations
While the issue has reportedly been patched, the situation still raised questions about how integrations between gaming platforms and communication services are implemented.
Broader Privacy Concerns Around Discord
The incident arrives during a period of increasing scrutiny around Discord’s handling of user data.
Recent controversies surrounding the platform include:
- Plans for broader age verification systems
- Past data exposure incidents involving third-party vendors
- Ongoing debates about privacy protections on large social platforms
For critics, the Arc Raiders situation reinforces concerns about how much access external applications may receive when connected to a Discord account.
Even if the problem was caused by a bug rather than intentional data sharing, it highlights how easily sensitive information can appear in unexpected places when multiple systems interact.
What Players Should Do
Security researchers and developers suggested several precautionary steps for players who linked Discord with Arc Raiders during the affected period:
- Change your Discord password to invalidate existing tokens
- Disable Discord integration inside the game
- Avoid sharing log files publicly or with support teams until sensitive data is removed
While the problem appears to have been addressed, the incident serves as a reminder that integrations between games and communication platforms can carry privacy risks if not carefully implemented.
As cross-platform features become more common in modern games, incidents like this will likely push developers and platform providers to implement stricter security safeguards around user data.
Enjoy our updates? You can add GamingHQ as a preferred source in Google Search to see our articles more often.
