A new report has emerged over a Genshin Impact security breach that saw players\’ mobile phone numbers exposed via the account recovery system, and it\’s unclear for exactly how long the leak existed for. Genshin Impact, from developer MiHoYo, is in the running for one of the most important releases of 2020, with global success and sales to match thanks to its compelling blend of Breath of the Wild-inspired exploration and anime gacha elements forming an addictive gameplay loop.

Genshin Impact\’s quick rise to prominence hasn\’t been without a few issues, however. Most notably, a Genshin Impact controversy over the game\’s censorship – which complies with Chinese law, as MiHoYo is based in that country – caused some fans to angrily dismiss the title as supporting misinformation and propaganda. While that storm died down as players grew more familiar with the situation the developer found itself in, it highlighted that Genshin Impact might not have been prepared to deal with scrutiny on the level it found itself under after its explosion in popularity. Since then, however, things have been relatively quiet for MiHoYo, as Genshin Impact content releases begin to get mapped out and highlighted in support of the game\’s larger plan.

A new report from PC Gamer, however, has highlighted another issue present within Genshin Impact that may have persisted for weeks without being addressed. According to a Reddit thread in the game\’s subreddit, users discovered that they could look up other players\’ mobile phone numbers by accessing the account recovery system, which displayed the mobile number tied to the account without censoring any part of it. This Genshin Impact security breach was obviously an issue – letting anyone on the internet look up a player\’s mobile number by just having their username is a scary proposition – that has since been addressed by MiHoYo as of yesterday.

However, that\’s not the end of the story. A user reported the issue on the same subreddit three weeks prior to the revelation and, whether due to the time it was posted or not being perceived as an issue during that timeframe, the info was buried and never resolved. That suggests that player mobile phone numbers have been leaked for at least several weeks, however, and the issue could have persisted for much longer than that. If the Genshin Impact security breach has been present for that long, it\’s possible it\’s already been exploited maliciously and gone unreported by those looking to abuse it.

Luckily, there haven\’t been any reports of any security breaches stemming from Genshin Impact leaking player phone numbers as of yet – just a general sense of unease at how this was allowed to happen, and uncertainty at how long it\’s been on-going. It does ask bigger questions of the game, however, and of MiHoYo. It\’s becoming clear that the developer might not be ready to handle a playerbase this large, and if that\’s true, more steps need to be taken to protect player security first and foremost. For now, however, the Genshin Impact security breach has been resolved, though it may be some time before we understand what exactly may have happened during it.