Update: MiHoYo stated in an email that the issue with the password recovery screen showing the linked cell phone number in full text has now been fixed." Our team was indeed aware of the systemic issue and took immediate action to correct the problem." This issue should now be resolved."

Comments on the Reddit thread where this issue was brought to our attention also indicate that the problem has been resolved. Unfortunately, there is no word on the nature of the problem or, more importantly, how long the cell phone numbers associated with MiHoYO accounts have been out and how many users may have been affected. We have contacted the studio for more information and will update if we hear back.

Original article

A Genshin Impact player on Reddit reported a rather large potential privacy breach on MiHoYo's site. The site's forgotten password page offers an option to send a recovery code to a linked cell phone number, and in some cases, these numbers appear to be fully displayed rather than partially censored.

Redditor TiltOnPlay posted a screen illustrating this problem:

Any email address can be entered into the "Forgot Password" page, and then the option to verify the account, not the email address, but the linked You can switch to using your cell phone number. Aside from the obvious downside of having one's phone number exposed to the world (which, as "CNET" explains, is quite serious), several users have pointed out that leaving data open in this way is also a major violation of the EU's notoriously strict privacy laws They point out.

Many Genshin Impact players in this thread say their numbers are properly hidden, and Steven and I have tried and found the same thing. Several players in Indonesia say their numbers are hidden, while others in other parts of Asia and at least one player in North America say their numbers are fully exposed.

Giving credence to this allegation is the fact that this is not actually the first report of the problem: Redditor skydtlee posted about the same issue three weeks ago, and Redditor skydtlee posted about the same issue three weeks ago, but that thread received little attention, so it is only now that the issue is getting widespread attention.