“Genshin Impact” Has a Serious Security Concern!

Do you play Genshin Impact?
miHoYo’s super hit, free-to-play, action RPG has some security concerns. If you’ve linked your mobile number to your account, you might want to unlink it now.
On the Genshin Impact subreddit, a user has provided proof that apparently, if you have linked your mobile number and retrieved your password by using the “forgot password” option, your entire mobile number will be shown to the public! Wow…
This has to be some sort of mistake, right? We hope so. Right now, if you were to go to the miHoYo account website –> forgot password –> and enter your username, the email address would be partially censored.
However, if you linked a mobile number, it is NOT censored at all. So, if you have a common username or your username on Genshin is the same on another service such as Reddit, anyone on the Internet can see your phone number. You can see it for yourself, right now, on the website.
Having private information exposed like this online isn’t ok. Mind you, this is a huge security hole — one we hope that the devs act on ASAP.
Let us know if you experience additional issues with Genshin Impact, privacy-related, or others, and we will bring the issues to light!