Recent announcements about a miHoYo data leak could potentially be a Phishing scam, according to the Genshin Impact players community. In a Reddit post, user u/Veritasibility reported that earlier, another user was trying to help users protect their accounts from an alleged miHoYo leak. It has come to his attention recently though that the alleged leak was fabricated in order to trick the Genshin Impact players.
How is the Phishing scam taking place in Genshin Impact?
Phishing is a practice where a user sends out information feigning to be reputable or trying to help you. When in actuality they are just trying to trick you into revealing personal information that they can use to scam you with. So how is this taking place in Genshin Impact?
In order to trick the players of Genshin Impact, the scammer had made announcements of a website that could check if your miHoYo account had been compromised or not. As a part of this process, he told everyone that there was a leak from miHoYo’s servers. Then he claimed to have obtained over 150k Genshin Impact accounts from the leak. Now, all you needed to do was log in to their website and check if your account info was on the file.
But, this is only a part of the file. If you are fast enough, you would notice that the UIDs in the screenshot have 8 digits. Well here’s the problem, all UID in Genshin Impact have 9 digits. This means that the leaks uploaded to the website were fake. Since it’s fake, that made users start to look more closely into the user with these claims. What they found were posts detailing hacking tools and other user’s Genshin Impact account information.
We would recommend that if you have visited the website detailed here, then you immediately change your account information to protect your account.
How to protect your account in Genshin Impact?
For users who are unaware of how to properly protect their account, user u/Veritasibility has noted some good practices. It is not a data breach on the miHoYo’s side. If you did not use the website, you should be unaffected.
However, if one of your accounts from other websites or games has been compromised or included in a data breach, hackers may be able to use those credentials to hack your Genshin Impact account if you are using the same email/username and password. It’s called Credential Stuffing.
Here are a few tips to make your Genshin Impact account less vulnerable to credential stuffing.
- Use a reputed website like have I been pwned to check whether any of your email addresses have been compromised. If they have, change your password for every account under that email, ie all websites/games/services, including Genshin Impact.
- Use a unique password for your Genshin Impact account. It would be better if you can do so for all other accounts of different websites/games/services.
- Use a password manager. It is probably one of the best practices for general account security.
We hope that you’ll follow the steps and protect your account from the Genshin Impact Phishing Scam. If you have any questions, feel free to drop them in the comments below.