Discord: Difference between revisions

Line 104:

===Inactive account deletions===

Discord has a [[Inactive account deletion|deletion policy on inactive accounts]], in which accounts that are not used for 2 years or more may be scheduled for deletion. Before the deletion of an inactive account, users may receive an email or text message warning that their account is scheduled for deletion. Such policies could adversely affect those who had good reasons to become inactive for a long time, such as hospitalization, prison incarceration, and being in totalitarian countries that have prolonged internet shutdowns. <ref>{{Cite web |last=Librarian |date=2023-06-14 |title=Inactive Account Deletion |url=https://support.discord.com/hc/en-us/articles/5106714856215-Inactive-Account-Deletion |url-status=live |archive-url=http://web.archive.org/web/20260210025748/https://support.discord.com/hc/en-us/articles/5106714856215-Inactive-Account-Deletion |archive-date=2026-02-10 |website=Discord}}</ref>

===SDK vulnerability with Arc Raiders integration (March 2026)===

In March 2026, Timothy Meadows, a computer engineer discovered a privacy and security vulnerability that involved Discord's [[wikipedia:Software_development_kit|software developer kit (SDK)]] and integrations with the [[wikipedia:Arc_Raiders|Arc Raiders]] game.<ref>{{Cite web |last=Meadows |first=Timothy |date=3 Mar 2026 |title=Arc Raiders - Discord SDK Data Exposure |url=https://timothymeadows.com/arc-raiders-discord-sdk-data-exposure/ |url-status=live |archive-url=https://archive.is/pktbu |archive-date=2026-03-06 |access-date=8 Mar 2026 |website=timothymeadows.com}}</ref> This vulnerability affected the users with their Discord account linked with the game, allowing the software to log and store locally Discord private conversations, user credentials and other user information in an unencrypted log file. If the Arc Raiders game crashes, this file could be sent to the game developers. Embark Studios disabled the SDK integration after the incident was announced. <ref>{{Cite web |last=Klotz |first=Aaron |date=Mar 2026 |title=Arc Raiders was accidentally recording Discord conversations into an unencrypted local game file — vulnerability in SDK could log messages and credentials in plaintext |url=https://www.tomshardware.com/video-games/pc-gaming/arc-raiders-was-accidentally-recording-discord-conversations-into-an-unencrypted-local-game-file-vulnerability-in-sdk-could-log-messages-and-credentials-in-plaintext |url-status=live |archive-url=https://archive.is/kWBIf |archive-date=2026-03-07 |access-date=8 Mar 2026 |website=Tom's Hardware}}</ref> <ref>{{Cite web |last=Marnell |first=Blair |date=6 Mar 2026 |title=Arc Raiders Was Recording Private Discord DMs |url=https://www.gamespot.com/articles/arc-raiders-was-recording-private-discord-dms/1100-6538629/|url-status=live |archive-url=https://archive.is/2ZQ1M |archive-date=2026-03-08 |access-date=8 Mar 2026 |website=Gamespot}}</ref>

Before the incident was known, when an user linked their Discord account, a pop-up claimed that Arc Raiders "cannot read users' messages". {{Citation needed}}

==Solution to delete an account without agreeing to the updated ToS==

@@ Line 104: / Line 104: @@
 ===Inactive account deletions===
 Discord has a [[Inactive account deletion|deletion policy on inactive accounts]], in which accounts that are not used for 2 years or more may be scheduled for deletion. Before the deletion of an inactive account, users may receive an email or text message warning that their account is scheduled for deletion. Such policies could adversely affect those who had good reasons to become inactive for a long time, such as hospitalization, prison incarceration, and being in totalitarian countries that have prolonged internet shutdowns. <ref>{{Cite web |last=Librarian |date=2023-06-14 |title=Inactive Account Deletion |url=https://support.discord.com/hc/en-us/articles/5106714856215-Inactive-Account-Deletion |url-status=live |archive-url=http://web.archive.org/web/20260210025748/https://support.discord.com/hc/en-us/articles/5106714856215-Inactive-Account-Deletion |archive-date=2026-02-10 |website=Discord}}</ref>
+===SDK vulnerability with Arc Raiders integration (March 2026)===
+In March 2026, Timothy Meadows, a computer engineer discovered a privacy and security vulnerability that involved Discord's [[wikipedia:Software_development_kit|software developer kit (SDK)]] and integrations with the [[wikipedia:Arc_Raiders|Arc Raiders]] game.<ref>{{Cite web |last=Meadows |first=Timothy |date=3 Mar 2026 |title=Arc Raiders - Discord SDK Data Exposure |url=https://timothymeadows.com/arc-raiders-discord-sdk-data-exposure/ |url-status=live |archive-url=https://archive.is/pktbu |archive-date=2026-03-06 |access-date=8 Mar 2026 |website=timothymeadows.com}}</ref> This vulnerability affected the users with their Discord account linked with the game, allowing the software to log and store locally Discord private conversations, user credentials and other user information in an unencrypted log file. If the Arc Raiders game crashes, this file could be sent to the game developers. Embark Studios disabled the SDK integration after the incident was announced. <ref>{{Cite web |last=Klotz |first=Aaron |date=Mar 2026 |title=Arc Raiders was accidentally recording Discord conversations into an unencrypted local game file — vulnerability in SDK could log messages and credentials in plaintext |url=https://www.tomshardware.com/video-games/pc-gaming/arc-raiders-was-accidentally-recording-discord-conversations-into-an-unencrypted-local-game-file-vulnerability-in-sdk-could-log-messages-and-credentials-in-plaintext |url-status=live |archive-url=https://archive.is/kWBIf |archive-date=2026-03-07 |access-date=8 Mar 2026 |website=Tom's Hardware}}</ref> <ref>{{Cite web |last=Marnell |first=Blair |date=6 Mar 2026 |title=Arc Raiders Was Recording Private Discord DMs |url=https://www.gamespot.com/articles/arc-raiders-was-recording-private-discord-dms/1100-6538629/|url-status=live |archive-url=https://archive.is/2ZQ1M |archive-date=2026-03-08 |access-date=8 Mar 2026 |website=Gamespot}}</ref>
+Before the incident was known, when an user linked their Discord account, a pop-up claimed that Arc Raiders "cannot read users' messages". {{Citation needed}}
 ==Solution to delete an account without agreeing to the updated ToS==