Genshin Impact Can't Seem To Shake Its Data Security Problem

MiHoYo, developer of gacha-style Breath of the Wild clone Genshin Impact, has come under fire ever since the game's release on September 28 for various privacy issues that have dogged the game. The latest incident came to light yesterday, when user TiltOnPlay posted to Reddit about the fact that if you linked your mobile number to your MiHoYo account, it showed up in full when you typed in your username. 

Others chimed in on the thread, revealing that the problem was not universal: some numbers were censored as normal, while others were not. The issue may have been related to the "forgotten password" mechanic at login.

MiHoYo took pains to correct the issue quickly. "[The] team has already noticed the systematic issue which might accidentally reveal users' phone number," the developer said in a statement provided to Gamesindustry.biz. "[The] team took immediate action to fix the problem, and so far the issue should be resolved now."

This isn't the first time a security breach has raised privacy concerns surrounding Genshin Impact. Immediately after its release on PCs, players complained that MiHoYo's anti-cheat system continued to run in their PC's backgrounds even after the game had been exited or uninstalled. After assuring users that the anti-cheat program only read system information to create a fair playing ground, MiHoYo resolved the issue. 

"We highly respect the privacy of every single player, and we will strive to improve our internal processes and more carefully consider player feedback so that we may try to prevent this kind of situation from happening in the future," the company said in a blog post regarding anti-cheat. 

But questions remain. MiHoYo is a Chinese developer, which had potential fans worried about privacy even before the title was released because of the country's policies about personal data. Also, it seems that another Reddit user, skydtlee, sounded the alarm about the more recent problem three weeks ago and urged users not to link their mobile numbers or use the same username as they do elsewhere. 

A digital security expert at ProPrivacy, Andreas Theodorou, urged NintendoLife readers to "take great care over the coming months" and keep an eye out for targeted scams or other types of harassment that may come about as a result of the breach. Theodorou said, "This is not the first time MiHoYo has been criticized for failing to secure users' privacy and shows how little concern they pay. By showing users' personal information, with no authentication, they have allowed potential stalkers, scammers, and other cybercriminals access to sensitive information, and carelessly put Genshin players at risk."

Genshin Impact is currently available for PCs, mobile phones, and the PlayStation 4. In Genshin Impact's first few days of release, it was installed 17 million times. A Nintendo Switch release is forthcoming, but no date has been announced. This could conceivably make the game's audience even larger, exposing more personal information if MiHoYo hasn't properly locked it all down. The company announced yesterday that a new 1.1 update is imminent, but no security tweaks are listed among the changes being made.