Are you playing Genshin Impact? miHoYo’s hit, free-to-play action RPG? If so, and you’ve linked your mobile account, you might want to unlink it now.
Over on the Genshin Impact subreddit, a user has provided proof that apparently, if you linked your mobile number and retrieved your password by using the “forgot password” option, your entire mobile number will be shown to the public!
This has to be some sort of mistake right? Right now, if you were to go to the miHoYo account website –> forgot password –> and then enter your username, the email would be partially censored.
However, if you linked a mobile number, it is NOT censored at all. So if you have a common username or your username on Genshin is the same on another service such as Reddit, anyone on the internet can see your phone number. You can see for yourself right now on the website.
Having private information exposed this easily on the internet isn’t ok.
Probably the wise thing to do right now is to unlink your phone number for now. Hopefully miHoYo does something about this.
If you’ve linked your account via email, then you’re good, as it doesn’t show the full email address.
Mind, this is a huge security hole — one we hope that the devs act on ASAP.
If you haven’t downloaded the game yet, go check out our Genshin Impact review to see why the game is worth downloading and playing.