Genshin Impact phone number reportedly not protected privacy

Genshin Impact fails to protect players’ phone numbers in big security flaw

Update: According to the developer, this is now fixed. MiHoYo has stated that it took “immediate action to fix the problem.” (via GamesIndustry.biz)


Multiple players are reporting that Genshin Impact isn’t properly protecting the privacy of their phone numbers, with developer Mihoyo allegedly failing to censor their digits. This means that some players who have registered for the game on iOS or Android may be vulnerable to having their full phone number revealed.

Genshin Impact is a free-to-play JRPG that has been around for several months. Most recently, it was released in the West and has become explosively popular; a handful of new characters were recently revealed in a leak before being officially confirmed prior to the launch of the 1.1 patch. Now, it’s come to light that Mihoyo may not have the best account security in place for some mobile players.

Why this Genshin Impact phone number security flaw is a problem

Genshin Impact phone number reportedly not protected security

A password recovery form will typically censor a player’s e-mail address or phone number. For example, the e-mail jimjameson@xyz.com might be shown on screen as ji******on@xyz.com; similarly, a phone number of 123-456-7890 would be shown as 12*-***-**90. Unfortunately, players in several countries are reporting that Genshin Impact phone number censorship isn’t working in some regions. This means that full phone numbers are displayed, which would theoretically allow users to enter generic usernames and obtain the phone numbers of accounts with their numbers linked.

A discussion on Reddit begins with a player who attempted to recover their password only to discover that the account recovery page was showing their full phone number. Several other players from Australia, Asia, and the EU have reported that their phone numbers are similarly visible on the account recovery page; however, other players — most notably in Indonesia and other unnamed EU countries — are saying that their phone numbers are properly censored.

Based on player reporting thus far, it appears that certain countries might not have phone numbers censored on the account recovery page while other countries do. Uncensored phone numbers can be an issue for two reasons: a malicious actor could call you unsolicited or sell your phone number to a third party. A more technically-adept hacker could potentially intercept your SMS messages and consequently gain access to your account.

Thankfully, this issue seems to be limited to a handful of countries and only to players who signed up for the game with a phone number rather than an e-mail. Mihoyo has shown a willingness to respond to player complaints about technical issues; earlier this year, it changed the way its PC anti-cheat system worked after player feedback. Players are currently contacting Mihoyo in an effort to get this issue resolved as soon as possible.

Upcoming Releases
Kindred Fates is an open world monster battling RPG, and a love letter to the monster battle genre. Our goal is to evolve the genre, and finally bring fans what they've been asking for.
Inspired by the beauty of the natural world around us, Everwild is a brand-new game in development from Rare where unique and unforgettable experiences await in a natural and magical world. Play as an Eternal as you explore and build bonds with the world around you.
Atlas is an action-rpg with rogue-like elements where you use your ability to control the ground to fight the enemies and move through procedurally generated worlds.
Reviews
9
With a new Snapdragon processor comes a new REDMAGIC 10 Pro phone incorporating it. For those gamers or power users…
X