The Chinese mobile and PS4 game Genshin Impact took in a record $245 million in its first month alone, jumping ahead of China’s most popular game, Honor of Kings (Tencent), and PUBG (Tencent), according to Sensor Tower.
But soon thereafter, its publisher, miHoYo, was accused of being careless with private data after it was discovered that user phone numbers were being leaked as part of its password recovery process.
Redditor TiltOnPlay first reported the breach in a thread on Reddit’s r/Genshin_Impact channel. When the recovery flow asked to verify the user via SMS code, the user’s full phone number was sometimes displayed. This meant that any user’s personal phone number could be acquired simply by entering their username and going through the “forgot password” process.
Oddly, TiltOnPlay reported that if the email method was selected, email addresses were appropriately masked.
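The inconsistency described above, where one recovery channel is masked and the other is not, is shown below as an added example. It is not miHoYo's code: the function names, the response shape and the sample user record are all hypothetical, and the leaky version sits beside one that routes every contact channel through a masker.

```python
# Added illustration: hypothetical "forgot password" response builder.
# None of these names come from miHoYo's code; the user record is constructed.

def mask_phone(phone: str, visible: int = 2) -> str:
    """Return only the last `visible` digits; every other digit becomes '*'."""
    digits = [c for c in phone if c.isdigit()]
    if len(digits) <= visible * 2:
        return "*" * len(digits)  # too short to reveal any digit safely
    return "*" * (len(digits) - visible) + "".join(digits[-visible:])


def mask_email(email: str) -> str:
    """Return the first character of the local part plus the domain."""
    local, sep, domain = email.partition("@")
    if not sep or not local:
        return "***"  # malformed address: reveal nothing
    return local[0] + "***@" + domain


def recovery_options_leaky(user: dict) -> dict:
    """Behaviour matching the report: email masked, phone returned in full."""
    return {"email": mask_email(user["email"]), "phone": user["phone"]}


# One table of maskers: a channel without an entry here is never returned,
# so adding a new recovery channel cannot silently skip masking.
MASKERS = {"email": mask_email, "phone": mask_phone}


def recovery_options(user: dict) -> dict:
    """Every contact channel passes through its masker before leaving the server."""
    return {ch: mask(user[ch]) for ch, mask in MASKERS.items() if user.get(ch)}


# Constructed sample record (example.com address, fictional 555 number).
SAMPLE_USER = {
    "username": "traveler01",
    "email": "traveler@example.com",
    "phone": "+1 555 010 0199",
}

if __name__ == "__main__":
    print("leaky :", recovery_options_leaky(SAMPLE_USER))
    print("masked:", recovery_options(SAMPLE_USER))
```
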
Although the issue has since been fixed, miHoYo received worldwide press accusing the company of being too careless with sensitive customer data.
Developers who make such simple mistakes can quickly lose the confidence of users and invite a public relations nightmare. Increased attention and scrutiny can also make you a larger target for “white hat hackers” who routinely attempt to breach systems in order to discover and report security flaws.
In China, serious breaches of the government’s personal data privacy laws can lead to large fines and cause your game license to be revoked, which would prevent you from being able to distribute your game in the country’s rich and fast-growing game market.
To protect yourself, we recommend game publishers in China follow these guidelines:
Genshin Impact is a free-play gacha open-world RPG, not based on any previous franchise. It first caught gamers’ notice for its appealing, detailed art style.