Genshin Impact appears to be exposing some players' mobile numbers

Genshin Impact appears to be exposing some players’ mobile numbers

Genshin Impact players on Reddit are reporting what could be a fairly major potential privacy breach on the MiHoYo website. The site’s forgotten password page offers an option to send a recovery code to linked mobile phone numbers, and in some cases it’s apparently displaying those numbers in full rather than partially censoring them.

Redditor TiltOnPlay posted a screen illustrating the problem:

(Image credit: miHoYo)

Any email address can be entered into the “forgot password” page, after which the option to verify the account can be switched to using a linked mobile number rather than an email address—meaning that anyone can enter an address and potentially access the user’s mobile number. Aside from the obvious downsides of having your phone number exposed to the world (which, as CNet explains, can be quite serious), several users have pointed out that leaving data lying around in the open like this is also a big violation of the EU’s notoriously strict privacy laws.

Source link

Leave a Reply

Scroll to Top