Genshin Impact’s big success – and big mistake

Chinese mobile and PS4 game, Genshin Impact, took in a record $245 million in its first month alone, jumping ahead of China’s most popular game, Honor of Kings (Tencent), and PUBG (Tencent) according to Sensor Tower.

But soon thereafter, its publisher, miHoYo, was accused of being careless with private data after it was discovered that user phone numbers were being leaked as part of its password recovery process.

Redditor TiltOnPlay first reported the breach in a thread on reddit’s r/Genshin_Impact channel. When asking to verify the user via SMS code, a user’s full phone number was sometimes displayed. This meant that any user’s personal phone number could be acquired simply by entering their username and going through the “forgot password” process.

Oddly, TiltOnPlay reported that if the email method was selected, email addresses were appropriately masked.

Although the issue has since been fixed, miHoYo received worldwide press accusing the company of being too careless with sensitive customer data.

What does this mean for you?

Developers who make such simple mistakes can quickly lost the confidence of users and quickly invite a public relations nightmare. Increased attention and scrutiny can also make you a larger target for “white hat hackers” who routinely attempt to breach systems in order to discover and report security flaws.

In China, serious breaches of the government’s personal data privacy laws can lead to large fines and cause your game license to be revoked, which would prevent you from being able to distribute your game in the country’s rich and fast-growing game market.

To protect yourself, we recommend game publishers in China follow these guidelines:

• During your password recovery process, be sure to use asterisks to mask a significant portion of the phone or email in any confirmation notice to the user.
  Example: t****ns@gmail.com
• Ensure all your data that is generated inside China resides on Chinese servers as required by law – especially personal user data. Hosting locally in China is a must for nearly every game or app to be distributed in the country. It also happens to be the best way to ensure the high performance and speed.
• Familiarize yourself with China’s data privacy laws before you attempt to publish your game, and make adjustments to your data architecture to comply. Do not assume the laws are the same as in your home country, because they most likely are not.
• Finally, if you are considering publishing your game in China, gain instant peace of mind by working with an experienced, professional China publishing partner to ensure your game is legally compliant. Doing this at the outset will save a lot of headaches when you are knee deep in the approval process for a game license, ICP Filing or other required permits.

Genshin Impact is a free-play gacha open-world RPG, not based on any previous franchise. It first caught gamers’ notice for its appealing, detailed art style.