In a security breach last night (now resolved), Bethesda’s support site revealed the personal information of customers who’d submitted support tickets. The details – which included people’s names, addresses and phone numbers – mostly belonged to Fallout 76 Power Armor Edition buyers, who were after a replacement canvas bag for the nylon one that was actually included.
What a mess.
If you submitted a support ticket last night, there’s a chance you’d be given full access to other people’s tickets. In addition to reading other customers private communication with Bethesda, that would also give you a peek at any receipts they’d submitted – which contained people’s addresses and some basic details about their credit cards.
Unfortunately there were rather a lot of receipts, thanks to the many people who bought the £175 Fallout 76 Power Armor Edition who were claiming the canvas bag Bethesda advertised.
The Bethesda Support twitter account tweeted this morning to say the issue had been resolved, and pointed out that no passwords had been revealed.
“We experienced an error with our customer support website that allowed some customers to view support tickets submitted by a limited number of other customers during a brief exposure window. Upon discovery, we immediately took down the website to fix the error.
“We are still investigating the incident and will provide additional updates as we learn more. During the incident, it appears that the user name, contact information, and proof of purchase information provided by a limited number of support customers on their support ticket requests may have been viewable to other customers accessing the the customer support website for a limited time, but no full credit card numbers or passwords were disclosed. We plan to notify customers who have been impacted.
“Bethesda takes the privacy of our customers seriously, and we sincerely apologize for this situation.”
That says the information of a “limited number of other customers” was revealed, though that’s arguably misleading. Based on the short time intervals between the tickets shown, it looks like people were seeing every ticket that came in. That number was limited to people who submitted tickets in a brief exposure window, which might just have been an hour or so given the time difference between when the issue was first reported and when Bethesda gave this unapologetic response.
“Hi guys, we’ve resolved this issue”.