Update: Following the discovery of a serious security vulnerability in Dark Souls 3, Bandai Namco has acknowledged the problem and temporarily suspended PvP servers on PC.
"PvP servers for Dark Souls 3, Dark Souls 2, and Dark Souls: Remastered have been temporarily deactivated to allow the team to investigate recent reports of an issue with online services," the official Dark Souls Twitter account tweeted. "Servers for Dark Souls: PtDE will join them shortly."
This downtime—and the vulnerability itself—doesn't affect any Dark Souls games on consoles.
This new security vulnerability in Dark Souls 3, as outlined on Twitter by user @SkeleMann and in multiple threads, including one pinned by moderators, on the Dark Souls 3 subreddit, seems to operate on the level of full-on malware and could pose a serious risk to anyone playing the game in its online mode. The well-respected Blue Sentinel mod, which has been able to counteract similar, if less serious vulnerabilities in the past, has just been updated to address the issue as of this afternoon.
As of writing, it seems that the newest hack is not disseminating out in the wild—its discoverer has demonstrated the vulnerability on-stream and contacted Bandai Namco, but it does not seem to be the case that hackers at-large have access to it yet. Still, better to be safe than sorry and play in offline mode or with the Blue Sentinel patch.
PSA - DARK SOULS 3 - PC#DarkSouls3 #DarkSoulsHey folksOn PC there is a new, very serious exploit plaguing Dark Souls 3 which can cause lasting damage to your computer.This could brick your PC, let your login information be shared, or execute programs in the background. 1/?January 22, 2022
This is not the first time issues like this have cropped up in Dark Souls 3 multiplayer. In 2016, we reported on hacked items being left in users' games by invaders, corrupting their saves, and I recall a similar issue of hacked items existing in the initial PC release of Dark Souls: Prepare to Die Edition. That persistence across multiple games is also worrying with the upcoming release of FromSoft's Dark Souls successor, Elden Ring. I've seen multiple users speculate that this critical vulnerability in Dark Souls 3 could be present in Elden Ring if it uses the same netcode, but that remains unconfirmed.
We hope to see official word from Bandai Namco soon, but even when this vulnerability gets addressed, it's highly alarming that it could even exist in the first place. All of a sudden, Demon's Souls' official servers being shut down leaving offline play the only option seems like more of a feature than a downside.