You might not want to play a Dark Souls game online for a while — not that you necessarily can. As Dexerto and The Verge report, attackers have discovered a security exploit in Dark Souls 3 (and potentially Elden Ring) for Windows that lets attackers remotely execute control and effectively hijack your PC. Streamers like The_Grim_Sleeper have learned about the potential damage first-hand — in his case, the intruder launched Microsoft PowerShell and ran a text-to-speech script blasting him for his gameplay.
The exploiter might not have malicious intent. A post on the SpeedSouls Discord claimed the hacker was trying to warn developer FromSoftware about the Dark Souls 3 vulnerability, but turned to compromising streamers to highlight the problem. Few people beyond the perpetrator are aware of how to use it, but there’s already a patch for the unofficial Blue Sentinel anti-cheat tool.
FromSoftware and its publisher Bandai Namco have since responded to the exploit. They’ve temporarily shut down the player-versus-player servers for Dark Souls 3 and its predecessors while the security team investigates the flaws. It’s not certain when the servers will go back online, but From and Bandai clearly won’t restore service until they’re reasonably confident players are safe. More sinister attackers could use the flaw to steal sensitive information, ruin gamers’ systems and otherwise do serious damage.
PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow the team to investigate recent reports of an issue with online services.
Servers for Dark Souls: PtDE will join them shortly.
We apologize for this inconvenience.
— Dark Souls (@DarkSoulsGame) January 23, 2022