You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
Update: In an email, MiHoYo said that the problem with linked mobile numbers being displayed in full on the password recovery screen has now been corrected. "Our team indeed noticed the systematic issue and took immediate action to fix the problem," a studio rep said. "The issue should be gone now."
Comments in the Reddit thread that attracted attention to the issue also indicate that the issue has been resolved. Unfortunately, there's no indication of what the problem was or, more importantly, how long mobile numbers attached to MiHoYO accounts were leaking or how many users may have been impacted. I've reached out to the studio for more information and will update if I receive a reply.
Any email address can be entered into the "forgot password" page, after which the option to verify the account can be switched to using a linked mobile number rather than an email address—meaning that anyone can enter an address and potentially access the user's mobile number. Aside from the obvious downsides of having your phone number exposed to the world (which, as CNet explains, can be quite serious), several users have pointed out that leaving data lying around in the open like this is also a big violation of the EU's notoriously strict privacy laws.
Many Genshin Impact players in the thread say that their numbers are being properly covered up, and both Steven and I tried it and found the same thing—we entered our email addresses into the account verification screen, and the attached numbers came up censored. Location may be a factor, although there doesn't appear to be enough commonality to really nail it down at this point—several Indonesian players say their numbers are covered, but people from other locations in Asia and at least one in North America claim that theirs are fully exposed.
Giving the allegations some credence is the fact that this isn't actually the first report of this problem: Redditor skydtlee posted about the same issue, also with screens, three weeks ago. That thread went largely unnoticed, though, so the problem is only coming to widespread attention now.
