Usually when you’re a customer and something awful happens with a company’s product, you call customer support, you state your case, you attempt to get things resolved. Well, that didn’t quite happen for the people who were having support issues with games like Fallout 76, as they found out that their personal information had accidentally been released.
The official statement on the matter was outlined through the Bethesda Support Twitter account, which did the mandatory step of informing the gaming audience that there was a website error that resulted in people submitting tickets through Bethesda’s support, only to have all of their personal information, home address, and credit card info made available to an undetermined amount of users logged into Bethesda’s system.
The error enabled other users logged in to not only see all the support tickets in Bethesda’s system, but also respond to customers, forward or close out their support tickets, and even look over all of their personal details and account information within Bethesda’s database.
Essentially, anyone using the customer support system was accidentally doxed.
While this garnered some laughs and jokes on various forums and social media about the bug being a “feature,” things turned grim real quick when people realized that some of their personal identifying information and payment information could be in the hands of hackers, criminals, or identity thieves.
As noted by Bethesda’s support, a limited number of other customers could see all of the support ticket information, but there’s no figure on just how many people had access to that information. Bethesda makes it known that it’s still investigating the matter and will update people when there is more information.
The company was quick to respond, which is a necessary part of the process both in the U.S. and in Europe. Within the U.S. companies that suffer a data breach must inform the public about it immediately, as part of the NCSL mandate for corporate ethics. In Europe, the new GDPR mandate states that within 72 hours of the data breach companies must inform the general public. So, at the very least, Bethesda did inform the general public about the breach… or rather, the website bug.
As noted by Eurogamer, the majority of these issues that were being reported to customer service stem back to the Fallout 76 debacle, when customers who purchased the Power Armor Edition were supposed to receive a canvas bag. However, Bethesda originally claimed that the canvas bag material was unavailable and so it was not possible to send the bags to customers who paid $200 for the collector’s edition. Instead, the company sent out cheap nylon bags with the bundle, but didn’t inform customers about it.
Bethesda originally offered 500 in-game Atoms as a form of compensation, but then legal firms got involved, claiming that Bethesda pulled a bait-and-switch, and were gathering information for a class-action lawsuit. Bethesda then changed its tune and said that those who purchased the collector’s edition could get a replacement for the nylon bag with a proper canvas bag by using the website support system. Unfortunately, for those who did use the support system, they were met with the unfortunate outcome of having their personal information put out there for public perusal.