Chinese developer MiHoYo, which recently launched Genshin Impact on PS4 and mobile devices, has been accused of a data breach that may have risked players' privacy.
Reddit user TiltOnPlay reported the breach online yesterday, explaining that when visiting MiHoYo's website and entering their username while attempting to reset a password, their mobile number associated with their account was shown in full. This would theoretically suggest that anyone could access a player's mobile number by simply knowing their username and typing it into the website.
The post gathered lots of attention from other Genshin Impact players, who began to report on their own findings. It appears that some players' numbers were censored correctly, while others weren't, indicating that not all accounts had been affected. At the time of writing, players believe that the issue may have been fixed, although there still appears to be plenty of confusion over how and why the personal data was exposed.
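The reported behaviour next to a masked alternative, as an added example (not MiHoYo's code, whose implementation is not described in this article). The account data, function names and masking policy are assumptions made for illustration, and the last function is a regression check that flags any account whose reset response still shows a recognisable part of the stored number.

```python
import re

# Constructed sample accounts; usernames and numbers are invented for this example.
ACCOUNTS = {
    "traveler01": "+44 7700 900123",
    "lumine_main": "07700-900456",
    "short_num": "1234",
    "no_phone": None,
}

def mask_phone(raw, visible=2):
    """Mask every digit except the last `visible`, whatever format the number is stored in."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) < 7:
        # Too short for a partial hint to be safe: reveal nothing.
        return "*" * len(digits)
    return "*" * (len(digits) - visible) + digits[-visible:]

def reset_lookup_exposed(username):
    """Behaviour as reported: the stored number is returned to an unauthenticated caller."""
    return {"phone": ACCOUNTS.get(username)}

def reset_lookup_masked(username):
    """Hardened form (assumed policy): the response is built only from the masked value."""
    phone = ACCOUNTS.get(username)
    return {"phone_hint": mask_phone(phone) if phone else None}

def leaked_accounts(lookup, max_run=2):
    """List accounts whose response shows more than `max_run` stored digits in a row."""
    leaked = []
    for user, phone in ACCOUNTS.items():
        stored = re.sub(r"\D", "", phone or "")
        shown = "".join(re.sub(r"\D", "", str(v)) for v in lookup(user).values())
        # Every (max_run + 1)-digit window of the stored number counts as a leak if visible.
        runs = {stored[i:i + max_run + 1] for i in range(len(stored) - max_run)}
        if any(run in shown for run in runs):
            leaked.append(user)
    return leaked

if __name__ == "__main__":
    print("exposed:", leaked_accounts(reset_lookup_exposed))
    print("masked: ", leaked_accounts(reset_lookup_masked))
```

Running the check over every stored format, rather than one test account, is what catches the case where some numbers are censored and others are not.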
In a comment shared with Nintendo Life, Digital Privacy Expert at ProPrivacy, Andreas Theodorou, says that the situation shows the "little concern" MiHoYo pays to its users. Theodorou warns players to "take great care over the coming months", which might be something to keep in mind when the Switch version eventually drops.
"This is not the first time MiHoYo has been criticized for failing to secure users’ privacy and shows how little concern they pay. By showing users’ personal information, with no authentication, they have allowed potential stalkers, scammers, and other cybercriminals access to sensitive information, and carelessly put Genshin players at risk.
"It was entirely possible for cybercriminals to search for specific players’ phone numbers and implement targeted attacks based on the information MiHoYo had provided. Genshin players should take great care over the coming months and be wary of any potential scams or harassment that may come about because of MiHoYo’s failings."
Comments 46
Legend Of Zel-Dial: Breath from a Stranger
Eh, anyone with Facebook, WhatsApp or basically any other app on their phone has already waived their rights to their data being sold. If you cared about data privacy then you’d sit in a dark room with the curtains closed, no electronic devices and a tinfoil hat on, to keep out the alien mind control.
The visible phone number was definitely off-putting, but at least they seem to have fixed it within hours of it being posted. Hopefully they see the backlash and decide to focus a bit more on security, especially if they want to hold onto this game's success.
@King-X Scams for in-game currency happen in almost any game like this, so I don't really see that as super noteworthy. I also don't find the gacha system in the game to be as bad as people say, yes the rates are really low but you really don't need 5 stars at all. You can play the game and have a great time without spending a cent. At the moment there's nothing pressuring players to have the most optimal gear, even the spiral abyss can be completed by free-to-play players.
Big yikes! I was gonna check this game out when my PS5 arrived, but I think I'll pass now
Lovely anime waifus are not worth selling your identity to a Chinese scam. If you're looking for eye candy, you can get plenty much more safely on Twitter, Tumblr, Reddit... etc etc.
@King-X I'm currently at AR40 and haven't felt the temptation to spend money yet. I haven't been super short on resources, 3 of my characters are at level 80 and my talents just require the weekly boss materials now. The constellations aren't necessary at all, and even as a FTP player getting a few constellations on 4 stars isn't too difficult. There are whales out there that will fall to the gacha trap and spend that amount on any gacha game, you just have to not fall for it and you'll have a good time. The game is really well made, I was honestly surprised with how much I liked the characters, OST, and combat. I just don't think it should be easily dismissed as "gacha trash" as long as you can be responsible with your money.
@nessisonett
Agreed 100%.
Not to excuse Mihoyo's behavior or anything, but if anyone thinks their data was private in the first place, then they are hopelessly naïve.
@King-X Well my personal advice is to play the game! I’ve thoroughly enjoyed 30 hours of it so far and only spent £5. The gacha system is entirely optional - I’m playing through with characters I’ve unlocked through regular gameplay.
It’s a beautiful and funny game.
The data breach is problematic of course - I assume they’ve fixed it now?!
I fully agree with @Cynas, people are blowing the gacha element way out of proportion. You don't need it at all to play this game and even when you use it, it only makes a tiny portion of the game, it's not really relevant.
Besides you don't have to spend any real money on it, you get tons of in-game currency for free, dunno what @King-X is on about.
Why is everyone so hung-up on those bonus characters? I've been playing the game with the first 4 characters you get (including your own player) and I really don't see the need to switch them out, that's just a waste of time.
That said, if the game actually required you to spend money - which it doesn't - I don't see any problem with that. Botw cost around 60 Euros, so paying a similar amount for this game seems reasonable to me, even though it's not as exceptional as Botw of course.
Also, while this breach is a terrible thing, I'm surprised anyone would actually provide their real phone number, that's just dumb. 😂
@King-X Yes, if you're the type of person who will fall to the temptation of the gacha system and spend thousands, then don't play. Same with if you're the type of person to get addicted to alcohol, then stay away from drinking. But there's also no need to tell everyone to stay away from drinking because some people can get addicted to it. I think the same applies to gacha games.
@King-X Err, let it go? I wasn't holding onto anything, we were just having a civil discussion, but if you want to end it then sure.
@King-X Who cares about the community? We're talking about the game itself, not about things happening around it.
Also that's a pretty weird argument to make regarding bonus characters.
I don't get why anyone would need other characters, they are all pretty generic - but if you're not satisfied with the free characters, then go ahead and pay money for the bonus ones.
That's your personal choice, not a valid reason to complain though.
It just seems like you're trying to force your personal perspective on everyone, because what you're saying clearly doesn't apply to everyone.
I guess if you play offline (and don't make an account) you can still safely play the game? And of course you should ignore the microtransactions, as always!
@King-X I don't know what successfully closed topic you're referring to. 🤷♂️
Actually, I've been saying that under every article about Genshin Impact I've read anywhere online.
I've been telling people to not let this irrelevant nonsense distract them from just enjoying this beautiful game.
I don't understand why people are so focussed on a tiny irrelevant aspect of this game. I actually had to google them to find the gacha elements in this game, it's buried so deep inside the menu that you will never encounter it if you don't know about it.
I just find it really weird that everyone's bringing up this one tiny aspect whenever this game is discussed.
Splatoon for example has the same random aspect when unlocking/rerolling slots yet I've never heard anyone complain or call Splatoon a 'gacha game'.
I willingly gave my personal info to a company in an oppressive totalitarian country where companies are required by law to include backdoors for the government and give them any info they ask for, and you're telling me it might not be 100% safe?
SAY IT AIN'T SO!!
Remember when phone books existed, and it was actually helpful for people to be able to look up your name and find your phone number?
Ofc it's china
@shani you seriously don't see the difference between a F2P game locking pretty much everything behind MTX with actual money, and a gear meta that normally gives random abilities but can also be planned via Ability Chunks, Food Tickets, etc.? You really don't?
I mean, even if Splatoon 2's gear meta didn't feature those and actually was totally random, spending real money versus spending none is not a difference? Are you serious?
Well, I try to stay away from Chinese companies, if I can. I'm pretty sure that every Chinese company is linked to the CCP, so your data is never secure.
wow...I don't recall using my mobile number...
Anyone who argues that using any apps or social media is automatically surrendering their privacy makes me wonder if anyone remembers web 1.0, let alone if they realize the absurdity of the world we live in that leads some of you to think that it’s okay to let this be normal with big data.
Yeesh. Seems the only good thing to come out of this game is the fanart.
That didn't take long.
I'm surprised at anyone who thinks their personal information is safe and no one knows about it.
@Yorumi yes I've heard this game has a good kind of F2P economy (I haven't played it myself), but I was pointing to the fact that Splatoon is a bad comparison as it doesn't have any kind of MTX at all.
'Chinese developers' 'Data Breach' I would never have guessed myself...
@King-X Statistically, only 10% will complain about something. If there are 50,000 complaints and the game continues to thrive then there are 950,000 fans not engaged in the discussion. The more popular the game, the higher the chance for negative response. As the initial complainers move away and find something else to criticize, the defenders will find room to breathe. Same thing is happening on YouTube where some of the toxic personalities are moving on to other games after seeing their ratings drop.
@Yorumi There's a big difference between public information in a phone book and public records as opposed to the data security in question here.
What the information that is leaked now and to who it's given is not the same as a phone book where someone in your state and county have your information if they need to look you up or for the government to send you notifications for jury duty and taxes.
It is bulk information being sold to a group of advertisers and spammers, often in other countries who have your habits as well for analytics, analogous to giving your name, address, information on magazines you subscribe to, work history, dietary habits and so on that leads to not only flooding your mailbox with junk like Sears catalogues and Scientology newsletters, but also phone calls from telemarketers and visits from all sorts of people like Jehovah's Witnesses and Hare Krishnas or door-to-door salesmen.
In other words: who that information is made available to is not just your state and community, and it's a lot more than just public information, which will be used at the very least to analyze you and spam you in a targeted manner. This is decidedly not the same thing as a phone book or public records the same way Macy's can't send their catalogue to everyone listed in the White Pages.
@nessisonett Selling data is one thing, having your phone number publicly available for scammers and hackers to exploit is another thing entirely.
And MiHoYo will give another Barbara tomorrow, she's the best healer of the game. I have Qiqi, but her heals are not enough compared to my Barbara, so good! Give it a go everyone, Genshin Impact is a great game, despite the gacha system.
If one thinks this was bad try Equifax and the 300mil users lost data and tell me who caused more damages. If the cause is just a loss of phone number then people are asking themselves way too much here.
Um, I don't want my mobile phone number revealed, thank you. Especially in this day and age
@King-X The gacha system is just a gacha system. It's honestly better than most thanks to the pity system. It's a lot kinder than basically every nintendo, SE and Namco gacha I've played. You want real cancer? Go play fire emblem heroes. Enjoy rolling for random natures.
It's made a lot because of whales. Where was the outrage around games like Pokémon GO or any other successful mobile game? A game being successful usually means people are enjoying it, else they wouldn't put money into it. Many players either pay very little or nothing at all, though. I've yet to pay for rolls.
It "isn't finished" because games are a service now. I'm guessing you either rushed or haven't actually played because even those two areas have a lot of content. Remember this is a free game. Many games now release content over time. It keeps a consistent player base active. Unless you also complain about mmo expansion passes and dlc? I'd rather pay nothing for content over time to 80 to 100 dollars for the "full experience".
You don't have to like it but don't go around forcing your dislike on others. This Chinese free gacha game is honestly better than botw. It's a super fun experience, it's co-op, and is very unique. Every character has their own ability and fighting style. And you don't have to pay a dime if you can be patient.
Furthermore, while I do think they should be called out for glitches like this, I don't get why people are acting like this is the only company with these breaches. Did everyone already forget Capcom being hacked literally days ago? ***** happens, mistakes are made, companies really don't care about your privacy until they're in trouble for it. So yes, yell at them, but it is not a reason to avoid a fun game.
Sorry, this is the future of gaming, even Nintendo is doing it. I normally don't like gacha, but this has been one of the better versions of it, I don't feel it's needed just to progress and all my rolls mean something as all characters are viable and unique without natures or ranks. And, there's an entire game underneath, not "press auto button and go do something else" like most mobile games are. I encourage people to try it before having tantrums over gacha. It's not as bad as you think.
(imo, as the future of gacha is inevitable, I'd rather show companies generous systems with actual content earn more positive attention over empty garbage that abuses your wallet)
@King-X Okay.
I'll make it simple since reading is hard. Even though you obviously read it and just too mad to come up with feasible defenses.
The game is fun, and you can get by just fine without ever paying a dime.
Your logic of "it made lots of money because gacha is cancer" doesn't make sense. It makes money because it's popular, like Pokemon Go and Fate.
Linking accounts is normal, Nintendo has you link everything to your Nintendo account.
The game is "unfinished" because like many free games it will release free content over time.
It's not a botw clone and no one brought it up so not sure why you mentioned it.
Most of my comment wasn't about you forcing your opinion on others, but explaining why your logic wasn't a very sensible argument to back up your blunt claim to avoid the game.
But if you insist on acting emotional, we can at least agree that Yuri is a fantastic character.
My recommendation to people is to just try the game out, but have some impulse control and patience. No one is bending your arm to spend money on gacha.
Installing this game is a data breach on itself.
There is no linked Mobile Number by default on PC or Console
@ComposedJam they added keybinding in the recent 1.1 update, along with a bunch of QoL additions. You can 100% complete the game(2 of the 7 chapters planned) solely using the team they give you for free, without even touching the gacha system. All the world content revolves around the elements they provided for free. In fact it's easier to play without the gacha because you only need to maintain 6 characters (4 story, 2 from events)
@ComposedJam The Rate up banner is definitely the one to use. If you haven't used it yet, use the Beginner's Banner, which is 10 wishes for 8 fates (the gacha currency) with Noelle guaranteed (she's a great tanky healer). Pity Wishes happen every 10 wishes, you'll get a guaranteed 4* weapon or character. 5* pity is at 90 wishes. Ignore the standard character banner (wanderlust something I think it was called). Do the weapons banner once you think you have a good team.
The gacha is not as bad as other Gacha games in the market. At least the game also has a good overall game
"Carelessly putting people at risk" is the theme of 2020.
@ComposedJam I'd say the main story(Archon Quests) is about 2-3 hours per region, there's "Story Quests" that are 15-30 minutes for some of the characters and then you have plenty of Oculi to find.
They plan on major updates every 6 weeks or so. Next Update is December 23rd which includes a portion of the existing map unlocking
@Cynas Not everyone knows they will have a predisposed sensitivity to becoming addicted to alcohol or gacha gambling before they try. The comparison isn't necessarily one to one either.
@ComposedJam "This is just how games are done now, sadly." No it isn't and don't ya start believing that or it will become that way. Some of the biggest games as services don't use gacha or loot boxes like Fortnite and CoD.
Yikes, that's not good. Hopefully they can fix it quickly, as they fixed the anti cheating software issue pretty quickly.
Also, where did King-X's comments go, did they get banned, delete their account, or something?
@ComposedJam I think you're misinterpreting the playfulness of how I was saying that, confusing it as an actual "directive" from me. Also I don't think that factually it is how most games are done nowadays - though I do believe most all publishers would love that to be reality. That's where my playfulness was coming in. As in "please don't believe that's the case, if you do the greedy publishers have won, as you've accepted this as a new potential reality."
@ComposedJam well I'm not a "writer" - in my head, my voice, using "ya" instead of "you" and all that just makes it sound different to me, like I'm being really friendly. I feel like I'm arguing with a Vulcan (which isn't an insult).
I had to cancel my bank card and get a new one as MiHoYo tried to take £250 out of my account 8 TIMES.