Arc Raiders was accidentally recording Discord conversations into an unencrypted local game file — vulnerability in SDK could log messages and credentials in plaintext
www.tomshardware.com
Thankfully, the issue has since been hotfixed by Arc Raiders, but the fault still lies with Discord

Remember you can trust Discord with your driver’s license for verification, I’m sure they won’t accidentally store them in a plain text open API call or anything.

  • Quetzalcutlass@lemmy.worldEnglish
    41·
    23 hours ago

    Not necessarily. Developers choose what permissions their authorization token has when they register it with Discord. In this case the game asked for an auth token with all permissions, so the game connects to Discord with the same access levels as your actual login.

    • DreamButt@lemmy.worldEnglish
      271·
      18 hours ago

      Yeah that’s what the person before me said. I’m saying that the fact it’s possible at all is a horrible violation of privacy

      • Armok_the_bunny@lemmy.worldEnglish
        7·
        10 hours ago

        There are legitimate reasons to ask for an “all permissions” token, such as setting up and using a third party client. A game is not one of the things that should be asking for that though.

        • Blackmist@feddit.ukEnglish
          1·
          4 hours ago

          In any case it sounds like a reason to actually read what the oauth login screens are actually telling you…