Bethesda are taking their reputation for buggy games to the next level, with their support system left wide open for customers to view each others’ support tickets and profiles last night. In the wake of Fallout 76’s release that included a lot of people demanding refunds, as well as those simply seeking to get a canvas bag that was advertised.
The loophole has now been closed – “Hi guys, we’ve resolved the issue,” said a community manager – but it’s another serious slip from Bethesda. In the latter case, customers were asked to provide proof of purchase, which would naturally include email addresses, home addresses and some card details. Exposing those details might see Bethesda falling foul of the new GDPR legislation and be subject to a fine.
At least we have Jessiepie’s mildly amusing Reddit post from when they found the issue:
Hi guys! First time Reddit poster here. I am a gleeful vault dweller as yourselves and as of this moment I am receiving every single one of your support tickets on my Bethesda account. Mostly it’s your receipts for you power armor set requesting a new bag. These receipts contain all your info. Your email and home address and the card you used to buy this extremely glitched game. I can see the problems you are having with the game, yes I’m having them too. And I know a few of you want a refund that Bethesda has said can’t happen. I can update your ticket for you, if you’d like. And close it! How fun is that? Please rest assure I have no desire to stalk you or mess with your Fallout 76 experience. I just wanted to let y’all know that this is happening atm. Anyway, I gave Bethesda a heads up via the Twitter. So we will see. I wouldn’t want to be the person having to respond to all of you. Currently there’s 8 pages of canvas bag requests, tickets and “fix or refund me” demands. Is there anyone enjoying the game like me? Oh well! See you in Appalachia. Be nice to each other. I love you!
UPDATE: Bethesda have issued the following statement.
We experienced an error with our customer support website that allowed some customers to view support tickets submitted by a limited number of other customers during a brief exposure window. Upon discovery, we immediately took down the website to fix the error.
We are still investigating this incident and will provide additional updates as we learn more. During the incident, it appears that the user name, name, contact information, and proof of purchase information provided by a limited number of customers on their support ticket requests may have been viewable by other customers accessing the customer support website for a limited time, but no full credit card numbers or passwords were disclosed. We plan to notify customers who may have been impacted.
Bethesda takes the privacy of our customers seriously, and we sincerely apologize for this situation.