Let's improve HoYoverse’s account security!
Let's improve HoYoverse’s account security!
The Issue
<<Please click here if you are looking for the translation of this petition in another language>>
A brief rundown of the objectives of this petition:
- Improve HoYoverse’s ineffective security that allows hackers’ easy access to our accounts.
- Improve HoYoverse’s support; their current support systems are inefficient and difficult for players to navigate, leading to outrageously long wait times for victims of hacking.
I am Akenouille, a French Genshin Impact player and streamer, and I was hacked last September 25th 2022.
Whilst initially I thought the retrieval process would be simple and of no big issue, I was quickly proven wrong.
With extensive research, I found out about the hacked community of Genshin Impact players revealing HoYoverse’s negligent account security measures. Not only were bare minimum requisites such as effective 2FA for accounts lacking in both their websites and their game as hackers could easily remove the user’s linked accounts with no notification nor efforts of prevention, but even information of the mere process of dealing with Hoyoverse support was complex and obscured from public knowledge.
HoYoverse’s inattentive thoughtlessness to the playerbase’s security, coupled to the lack of support staff in HoYoverse, should be brought to all players’ attention, as even players that haven’t been hacked yet are constantly exposed and under threat.
What changes/improvements do we want?
The following are ideas/goals to improve the security of HoYoverse, to prevent the expansion (or hopefully eliminate) of the Genshin Impact account selling market and to enhance their service in regards to account-related issues.
- A system that will allow players to block ALL log-ins to their account through a mobile application. It means if the player does not want anyone to log-in, they can enable that option and remove it whenever they want to play the game. As long as they enable it, no one can log-in. It also shouldn't automatically enable itself. It prevents the account from being trashed in case of a hack.
- 2-Factor Authentication System through authorization from a mobile application whenever the player tries to log-in with an unregistered device or attempts to change account security information such as email, mobile number and password.
- Security Questions prompted when the player attempts to change account security information. Example: Which was your favorite teacher's name?
- Providing the form in all languages supported by the game.
- Adding 2-Factor Authentication not only in-game but also while logging in account.hoyoverse.com (HoYoverse Account Website).
- A HoYoverse support website that follows the design of the feedback section in the Genshin Impact application, but includes all facets of the HoYoverse account (including Honkai Impact, Tears of Themis, etc) that details the account recovery process or other additional account related issues with digestible guides players can easily follow.
- A live chat support feature to address the situation with more immediate attention and reduce communication delays.
- Artifact/Weapons Pin-Lock system: The locked artifacts can only be unlocked by a 4-digit PIN. Failing to provide the correct pin 3 times in a row will start a cooldown period. The cooldown period will start from 5 min and each subsequent cooldown period will double the cooldown period duration.
- Reduced response times from HoYoverse support/increase of the HoYoverse staff. Some players were hacked a few months ago and still haven't recovered their account. The current deadlines set by HoYoverse are very long and make players lose a lot of resources in the game, while stressing them. Everyone should recover their hacked account within a few days.
- Option to lock the game with a PIN. Players would have to enter a PIN each time logging into the game. This will stop unauthorized persons from logging into the game.
Why do we need them?
Here is the list of problems encountered by a player who has just been hacked:
- The requirements for both forms are difficult to present UNLESS players note and keep track of such information prior to getting hacked.
Examples of required proofs include: (1) creation date of the account; (2) first log-in device components or specifications;(3) first purchase receipt (regardless if it was made by you, your friends, or even won in giveaways); etc. HoYoverse’s stringency regarding information provided on the forms cause many players to often go through many rejections during the course of their recovery processes (and with the long waiting time in mind, may take months and for some players, even a year or more).
- The forms claim that support will respond after 10 working days, but the real number of days that the player needs to wait before getting a response is in the 20s.
Even if they respond within 10 working days, this is still a long waiting period as compared to other games or even Steam which has a larger playerbase, which often retrieve accounts in less than a week with no issue.
The amount of damage the hacker or buyer could do while the player is waiting for their form to process is phenomenal. Some players lose EVERY SINGLE Primogem that they have saved for possibly months to characters/weapons they don't even want. With no rollback system in place, this is simply devastating for the player upon getting back their account.
In the worst case, hard-earned artifacts and 5-star weapons are trashed. The hacker/buyer might have also spent money on the account during the time they possessed it, and then may refund it after the player gets back the account, subjecting the player to negative primo gems which has detrimental impacts to players’ experiences, with the possibility of being banned furthering their distress.
The long waiting time is primarily due to the number of hacked players submitting forms. Therefore the solution for this is to drive into the root of the problem which is HoYoverse's account security system itself.
- There are no official posts by Hoyoverse to address a large majority of the information regarding account recovery procedures. All the help a player can get is by seeking volunteer assistance provided by other community run services (Discord/Reddit).
I call on every single Genshin Impact player to bring this matter forward and spread awareness of the importance of account security to the community! Don’t let yourself be too late to save your account from being stolen from you like I did.
Thank you for being part of the efforts of the Genshin Impact Hacked Community.
To support this cause even more, please don't forget to include "an improvement in account security" as an answer in every in-game survey from now on!
For more discussion, information, and questions, you can visit the aforementioned unofficial helping communities:
- Reddit: r/GenshinHacked
- Affiliated Discord Server: Travelers’ Tavern (link in the subreddit menu)
1,765
The Issue
<<Please click here if you are looking for the translation of this petition in another language>>
A brief rundown of the objectives of this petition:
- Improve HoYoverse’s ineffective security that allows hackers’ easy access to our accounts.
- Improve HoYoverse’s support; their current support systems are inefficient and difficult for players to navigate, leading to outrageously long wait times for victims of hacking.
I am Akenouille, a French Genshin Impact player and streamer, and I was hacked last September 25th 2022.
Whilst initially I thought the retrieval process would be simple and of no big issue, I was quickly proven wrong.
With extensive research, I found out about the hacked community of Genshin Impact players revealing HoYoverse’s negligent account security measures. Not only were bare minimum requisites such as effective 2FA for accounts lacking in both their websites and their game as hackers could easily remove the user’s linked accounts with no notification nor efforts of prevention, but even information of the mere process of dealing with Hoyoverse support was complex and obscured from public knowledge.
HoYoverse’s inattentive thoughtlessness to the playerbase’s security, coupled to the lack of support staff in HoYoverse, should be brought to all players’ attention, as even players that haven’t been hacked yet are constantly exposed and under threat.
What changes/improvements do we want?
The following are ideas/goals to improve the security of HoYoverse, to prevent the expansion (or hopefully eliminate) of the Genshin Impact account selling market and to enhance their service in regards to account-related issues.
- A system that will allow players to block ALL log-ins to their account through a mobile application. It means if the player does not want anyone to log-in, they can enable that option and remove it whenever they want to play the game. As long as they enable it, no one can log-in. It also shouldn't automatically enable itself. It prevents the account from being trashed in case of a hack.
- 2-Factor Authentication System through authorization from a mobile application whenever the player tries to log-in with an unregistered device or attempts to change account security information such as email, mobile number and password.
- Security Questions prompted when the player attempts to change account security information. Example: Which was your favorite teacher's name?
- Providing the form in all languages supported by the game.
- Adding 2-Factor Authentication not only in-game but also while logging in account.hoyoverse.com (HoYoverse Account Website).
- A HoYoverse support website that follows the design of the feedback section in the Genshin Impact application, but includes all facets of the HoYoverse account (including Honkai Impact, Tears of Themis, etc) that details the account recovery process or other additional account related issues with digestible guides players can easily follow.
- A live chat support feature to address the situation with more immediate attention and reduce communication delays.
- Artifact/Weapons Pin-Lock system: The locked artifacts can only be unlocked by a 4-digit PIN. Failing to provide the correct pin 3 times in a row will start a cooldown period. The cooldown period will start from 5 min and each subsequent cooldown period will double the cooldown period duration.
- Reduced response times from HoYoverse support/increase of the HoYoverse staff. Some players were hacked a few months ago and still haven't recovered their account. The current deadlines set by HoYoverse are very long and make players lose a lot of resources in the game, while stressing them. Everyone should recover their hacked account within a few days.
- Option to lock the game with a PIN. Players would have to enter a PIN each time logging into the game. This will stop unauthorized persons from logging into the game.
Why do we need them?
Here is the list of problems encountered by a player who has just been hacked:
- The requirements for both forms are difficult to present UNLESS players note and keep track of such information prior to getting hacked.
Examples of required proofs include: (1) creation date of the account; (2) first log-in device components or specifications;(3) first purchase receipt (regardless if it was made by you, your friends, or even won in giveaways); etc. HoYoverse’s stringency regarding information provided on the forms cause many players to often go through many rejections during the course of their recovery processes (and with the long waiting time in mind, may take months and for some players, even a year or more).
- The forms claim that support will respond after 10 working days, but the real number of days that the player needs to wait before getting a response is in the 20s.
Even if they respond within 10 working days, this is still a long waiting period as compared to other games or even Steam which has a larger playerbase, which often retrieve accounts in less than a week with no issue.
The amount of damage the hacker or buyer could do while the player is waiting for their form to process is phenomenal. Some players lose EVERY SINGLE Primogem that they have saved for possibly months to characters/weapons they don't even want. With no rollback system in place, this is simply devastating for the player upon getting back their account.
In the worst case, hard-earned artifacts and 5-star weapons are trashed. The hacker/buyer might have also spent money on the account during the time they possessed it, and then may refund it after the player gets back the account, subjecting the player to negative primo gems which has detrimental impacts to players’ experiences, with the possibility of being banned furthering their distress.
The long waiting time is primarily due to the number of hacked players submitting forms. Therefore the solution for this is to drive into the root of the problem which is HoYoverse's account security system itself.
- There are no official posts by Hoyoverse to address a large majority of the information regarding account recovery procedures. All the help a player can get is by seeking volunteer assistance provided by other community run services (Discord/Reddit).
I call on every single Genshin Impact player to bring this matter forward and spread awareness of the importance of account security to the community! Don’t let yourself be too late to save your account from being stolen from you like I did.
Thank you for being part of the efforts of the Genshin Impact Hacked Community.
To support this cause even more, please don't forget to include "an improvement in account security" as an answer in every in-game survey from now on!
For more discussion, information, and questions, you can visit the aforementioned unofficial helping communities:
- Reddit: r/GenshinHacked
- Affiliated Discord Server: Travelers’ Tavern (link in the subreddit menu)
1,765
Petition Updates
Share this petition
Petition created on November 17, 2022