Bethesda unwittingly exposed Fallout 76 player data

7 Dec 2018

Still from ‘Fallout 76’. Image: Bethesda

Game publisher Bethesda under fire as private customer data shared.

Bethesda’s most recent video game, Fallout 76, has been on the receiving end of its fair share of criticism. Released in November, many players criticised the general bugginess of the game.

According to Kotaku, one such problem was an issue with a collector’s edition bag. Players were promised a military-style canvas bag and instead were sent a cheaply made nylon version. Naturally, fans were angered and the company said it would be processing customer support tickets about the issue up until 31 January next year.

Canvas bag opens can of worms

The bag furore was one of several issues for Bethesda, but one that caused another major problem. Motherboard reported that a number of people who submitted tickets to receive replacement bags were temporarily able to access parts of the company’s customer support system, including the ability to open and close other players’ tickets and snoop on personal data.

The loophole was closed fairly quickly, but Reddit is lighting up with stories of information shown that should have remained private. One user, Jessiepie, said: “I am receiving every single one of your support tickets on my Bethesda account. Mostly it’s your receipts for you [sic] power armor set requesting a new bag. These receipts contain all your info. Your email and home address and the card you used to buy this extremely glitched game.”

Bethesda investigating the ‘Fallout’ fallout

A community manager on Bethesda’s official forum said: “Hi guys, we’ve resolved the issue.” Following this, the company added: “We experienced an error with our customer support website that allowed some customers to view support tickets submitted by a limited number of other customers during a brief exposure window. Upon discovery, we immediately took down the website to fix the error.”

According to the company, it is still investigating the issue. A limited amount of customer data leaked, including name, player username, contact information and proof of purchase. It said it planned to notify all those affected. On 7 December, it announced that fewer than 65 customer support tickets contained personal data that may have been exposed, and none of those contained passwords or payment information.

While the breach itself may be small in size, it is yet another millstone around the neck of Bethesda’s first in-house game. According to Kotaku, a patch released by the team fixed some of the biggest problems, but went on to create others. Reports of the game freezing and crashing have been noted on forums, with many players stating the game should never have been released at the stage it was made available.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects