Update: Bandai Namco temporarily suspended all PvP servers for Dark Souls 3 after discovering a security flaw in the game.
The official Dark Souls Twitter account stated that “PvP servers for Dark Souls 3 and Dark Souls 2 have been temporarily disabled to allow the team to investigate recent reports about an issue with online services.” “Servers for Dark Souls will soon be joined by PtDE.”
This downtime, and the vulnerability itself, doesn’t affect any Dark Souls console games.
The new vulnerability in Dark Souls 3 was discovered by @SkeleMann on Twitter. It has been documented in multiple threads on the Dark Souls 3 subreddit. Blue Sentinel, an established mod that has been able to mitigate similar but less severe vulnerabilities, was updated this afternoon to address the problem.
The hack has not yet been distributed in the wild. Its discoverer has shown the vulnerability on stream, and Bandai Namco was contacted, but it doesn’t seem that hackers have access to the information. It is better to be safe than sorry, so play offline or with the Blue Sentinel patch.
This is not the first instance of such issues in Dark Souls 3 multiplayer. We reported in 2016 on hacked items that intruders left in users’ games, corrupting their saves. I also recall similar issues in Dark Souls: Prepare To Die Edition. This persistence across multiple games is worrying, especially with the forthcoming release of Elden Ring, FromSoft’s Dark Souls replacement. Numerous users have suggested that the critical vulnerability in Dark Souls 3 may be present in Elden Ring if it uses a similar netcode. However, this is still not confirmed.
Although we hope to hear from Bandai Namco soon about this vulnerability, it is alarming that it exists in the first place. The sudden shutdown of Demon’s Souls’ official servers makes offline play seem more of an option than a disadvantage.