The password recovery system on the MiHoYo website – which holds the personal information of millions of Genshin Impact players – has reportedly been leaking the personal phone numbers of some of its players.
According to posts on the Genshin Impact Reddit, which was picked up by Vice (opens in new tab), since October players have been reporting a weakness in the website that showed the uncensored phone numbers attached to players’ usernames.
“If you were to go to the miHoYo account website; forgot password; and then enter your username, the email would be partially censored. However, if you linked a mobile number, it is NOT censored at all,” insisted one player, writing on the subreddit (opens in new tab) less than a week ago.
A player using the name Skydtlee also shared their concerns with Vice: “At the time I tried a couple of random usernames [from the Genshin Impact subreddit], and I was able to see their numbers as well.” MaitieS, another player active on the reddit, added: “When I tested it by myself I was able to see my whole phone number without any censorship.”
While MiHoYo has still yet to comment publicly on the issue, it appears the exploit has now been fixed, and many players are now confirming that the issue seems to have been addressed and fixed.
Genshin Impact update 1.1 is now live (opens in new tab), bringing the biggest collection of new content and features to the game since its full release back in September.
The update adds in new story quests which finish out the Liyue story arc, while also adding in a set of four new story characters to the Wish pool for gacha-collecting.
The Genshin Impact PS5 version (opens in new tab) was also confirmed for update 1.1. If you’re jumping into Teyvat for the first time, have a gander at our essential Genshin Impact tips (opens in new tab).