If you are one of the many people who played Genshin Impact over recent months and you shared your phone number, you might want to remain on your guard. MiHoYo, the company responsible for the remarkably popular online game, did a less than stellar job of hiding that personal data from potential prying eyes.
In an illuminating Reddit post, user TiltOnPlay revealed that linked phone numbers could sometimes be accessed through the “forgot password” retrieval system. For whatever reason, some customer phone numbers would display completely, even though similar data such as email address was appropriately blocked from appearing in its entirety.
As noted in the post, the alarming issue did not affect accounts in all regions. However, it seems to have impacted numerous accounts throughout North America, Europe, and possibly Asia. Genshin Impact players from those parts of the globe likely account for a not-insignificant portion of the popular game’s total audience.
Gamers are not required to provide their phone number in order to play. Additionally, the issue prompting relevant Genshin Impact accounts to display the phone number appears to have been resolved. However, the security hole may have existed for weeks now without anyone noticing. Your personal information may have already fallen into the wrong hands.
A stray phone number might not seem like a particularly big deal, but it was an avenue for harassment at the very least. Even if you merely knew someone’s username, you could have potentially used the “forgot password” tool to gain the information necessary to contact them by phone. Providers such as MiHoYo have a responsibility to guard sensitive data. It is always a good idea to consider what data you share online. Provide only that which is necessary to safely use a service you appreciate.
Hopefully, MiHoYo is aware of any other Genshin Impact security holes that may remain and will eliminate them before any malicious actors can take advantage.