Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Genshin Impact Is Leaking Players’ Phone Numbers

Genshin Impact Is Leaking Players’ Phone Numbers

Genshin Impact players revealed that the miHoYo account website would not hide your linked mobile phone number when you (or anyone else) try to recover the password.

This is a huge oversight by the Chinese developer, which might seriously endanger players’ security and privacy.

Several players have shared screenshots showing that when they try to recover their passwords for an account linked to their mobile phone number, the miHoYo account website will not hide or partially censor the mobile number at all, but the number will be fully revealed instead.

This means that anyone can simply go to the game’s website, go to “forgot password ” and enter your username, and if you linked a mobile number, it will not be censored at all.

Also Read: 10 Principles On How To Build A Good Governance Model

An example can be seen in the picture below:

Genshin Impact Phone Number Leak
(Picture: u/TiltOnPlay)

In this way, anyone can find out your phone number just by knowing your username, which is especially problematic for streamers, since their username is known by many who watch their streams.

Interestingly enough, if your account is connected with an email instead, the email address will be partially censored.

Another user has shared a screenshot of the Genshin Impact PC login screen, which apparently also reveals your phone number completely if the account is linked to a mobile number.

Genshin Impact phone number leak pc
(Picture: FailGod/miHoYo)

It goes without saying that this severely breaches all data protection laws, and it poses a serious threat to users’ data security and privacy.

Until the issue is being solved, we advise you to urgently unlink your phone number from your Genshin Impact account, as it is currently exposed and can be easily accessed with this method by practically anyone who knows your username in the game.

At the time of writing this article, Genshin Impact account website is currently down, so it is possible that miHoYo is aware of this issue and are trying to fix it, while temporarily shutting down the website in order to protect players’ phone numbers from a potential exploit caused by this leak.

Genshin Impact has been released on 28th September and quickly became one of the most popular games of today, with over 30 million active players, which phone numbers now might be exposed.

Also Read: Data Storage Security Standards: What Storage Professionals Need To Know

We will follow the situation closely and update the article with new information.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us