Recent announcements about a miHoYo data leak could potentially be a fishing scam, according to the Genshin Impact community.
In a Reddit post, user u/Veristability detailed how previously there were announcements of a website that could check if your miHoYo account had been compromised. However, redditors were quick to point out that the User IDs in their database were incomplete, as they only contained 7-8 digits instead of 9.
The Reddit post also claims to have looked into the history of the person posting the “leaked information” and identified their history with hacking tools.
“Since the “leak file” they were using on their website turns out to be fake, it is very likely that the website is being used to phish people’s account information.” they said.
“…Therefore, If you have used the website, please change your password immediately”, they continued.
The post also goes on to describe good practices for keeping your account secure, even when the game itself lacks tools. For example, Genshin Impact lacks 2-Factor Authentication, so once third parties have your password your account is as good as theirs.
Phishing is a common way for hackers to obtain personal information. Many phishing attempts don’t even try very hard to get it, instead preying on users who don’t do their due diligence.