Genshin Impact suffers from a security problem

Something about a month and a half has passed since the launch of Genshin Impact, of which we already informed you at the time, a complete success on the market, as it took only two weeks to raise no less than 100 million dollars. In the month since then it has undoubtedly lost some traction, and a clear example of this is that, after a debut in the first positions, it is currently rare to find it among the 20 most broadcast games on Twitch. Last night, in the prime time of the platform, it was hovering around 30,000 viewers, compared to 340,000 for Minecraft or 210,000 for Among Us.

Even so, there are still many people who are advancing in the adventure proposed by Genshin Impact, and both these players, as well as those who tried it at the time but have left it relegated to the background, have been unknowingly exposed to a security problem which has recently been resolved. and for which the phone numbers could be filtered of all those users who have used it to register their user accounts, or who have added it to their account information later.

The issue, which was reported by multiple users via Reddit, arose when using the account recovery function, that is, the one that allows you to create a new password in case you have forgotten the previous one. To regain access to the Genshin Impact account on the web, it is necessary to enter the username. So, if the user has added both an email account and a mobile phone number, they are allowed to choose which of the two means they want to use to regain access.

This method is very common and, to make the choice easier for the user, the common thing is that a small fragment of the email or telephone address is displayed, so that we can identify them correctly. However, and for some unknown reason, when trying to recover the Genshin Impact account with an email account, it was only partially displayed, but if you chose the phone number, it was displayed completely, part of it was not masked.

Genshin Impact suffers from a security problem

Thus, knowing the username of a Genshin Impact player, it was possible to access the password reset function, write that name and, if that person had used their phone number, we could access it. The problem has already been solved, but until MiHoYo has solved it, and especially since it was made public on Reddit, surely there are many users who have tried the security hole and, therefore, surely there are not few phone numbers that have been able to see exposed.

A big suspense for the creators of Genshin Impact that, although they have shown to have quite a talent for games, they have largely neglected the security and privacy of their users, by not checking something as basic as that their phone numbers could be seen by anyone, as long as to know your username.