Odds are, if you bought the $200 Fallout 76 Power Armor Edition, you filed a support ticket when you received a cheap nylon bag instead of the stylish canvas bag Bethesda had promised. After all, that little “mistake” was enough to send a law firm howling after the company, searching for proof of deceptive trade practices. Well, if you filed a ticket, you now know the private information of everyone else who filed a ticket, and they know yours.
Earlier today, Reddit user Jessiepie created a thread on the Fallout subreddit with a disturbing message. Not only did she have access to all active support tickets, including the ability to respond to and close them, she could see the private information included in each ticket. We’re talking mailing addresses, email addresses, and credit card numbers. And she isn’t a Bethesda employee; she is just a random gamer who apparently enjoyed Fallout 76.
The thread exploded in popularity and comments, more than a few of which corroborated Jessiepie’s claim, and the reports expectedly made their way to the official Bethesda forums. As some commenters pointed out, this glitch is a major privacy violation and constitutes a data breach. To make matters worse, data breach notification laws require companies that have experienced a data breach to notify anyone who might have been affected; something Bethesda hasn’t done.
In the spirit of fairness, though, this data breach was neither intentional nor the result of a malicious hacker group (probably), and Bethesda has since taken the support site down to fix the problem, but the damage has already been done. Not only does this snafu shake our faith in Bethesda’s ability to keep private information private, but anyone who filed a support ticket and then had half a mind for identity theft could easily have copied the information and filed it away for later use.
With any luck, this is the last we will hear about the data breach, Bethesda admitting the breach actually happened notwithstanding. If you were affected by the breach, here’s hoping nobody got a hold of your private information.