The password recovery system on the MiHoYo website – which holds the personal information of millions of Genshin Impact players – has reportedly been leaking the personal phone numbers of some of its players.
According to posts on the Genshin Impact Reddit, which was picked up by Vice, since October players have been reporting a weakness in the website that showed the uncensored phone numbers attached to players’ usernames.
“If you were to go to the miHoYo account website; forgot password; and then enter your username, the email would be partially censored. However, if you linked a mobile number, it is NOT censored at all,” insisted one player, writing on the subreddit less than a week ago.
A player using the name Skydtlee also shared their concerns with Vice: “At the time I tried a couple of random usernames [from the Genshin Impact subreddit], and I was able to see their numbers as well.” MaitieS, another player active on the reddit, added: “When I tested it by myself I was able to see my whole phone number without any censorship.”
While MiHoYo has still yet to comment publicly on the issue, it appears the exploit has now been fixed, and many players are now confirming that the issue seems to have been addressed and fixed.
Genshin Impact update 1.1 is now live, bringing the biggest collection of new content and features to the game since its full release back in September.
The update adds in new story quests which finish out the Liyue story arc, while also adding in a set of four new story characters to the Wish pool for gacha-collecting.
Part of GR+’s news crew, Vikki is a (jumpy) survival horror survivalist with a penchant for sci-fi, shooters, thrillers, and a strong cup of Yorkshire tea. A committed Guardian and Spartan, she’s terrible at FPSs, but loves ’em all the same.