Several reports have been forwarded directly to developers over the past few weeks: a major security flaw in account management related to Genshin Impact makes it very easy to get sensitive player data.

The testimony comes directly from Reddit, in which several users confirm that they have succeeded in viewing their telephone number without obviously accessing the portal. This happens through the password recovery system. As usual it also happens for the most famous world internet sites, it is possible to connect a telephone number to your profile in order to receive the canonical confirmation code. Somehow the developers of the site dedicated to Genghsin Impact would have forgotten to enter the censorship of the number, making it very easy to obtain sensitive data covered by the privacy policy.

No official notes or reactions come from at the moment MyHoYo. It is not clear whether this problem plagues the portal globally, but the reports continue to multiply.