Yesterday, it was discovered that an error with Bethesda's customer support website allowed people to view other customers' support tickets. These tickets contained personal info including contact info, purchase information, and username. After an investigation Bethesda said that no passwords or full credit card information were at risk.
Today, Bethesda sent out the results of a deeper investigation to explain what exactly happened, and to what extent personal information was vulnerable. Bethesda learned that the exposure last about 45 minutes and confirmed again that neither passwords nor full credit card information were disclosed.
"As previously reported, on December 5, 2018, we experienced an error with our Customer Support website that resulted in the exposure of a limited number of customer tickets," says a Bethesda representative. "Upon discovery, we immediately took down the Customer Support website, remediated the error and restored the Customer Support website."
"From our investigation, we have learned that, on December 5, 2018, there was a brief period of time during which customers accessing our Customer Support website may have been able to view the customer support tickets submitted by other customers during this same time period. Based on our current investigation, we believe this exposure window lasted approximately 45 minutes."
Bethesda says that during the exposure window "fewer than 123 customer support tickets were submitted and may have been partially or fully viewed by others accessing the Customer Support website." The company adds that of the 123 tickets "no more than 65 customer support tickets contained personal data that may have been exposed."
While neither Bethesda account passwords or full credit card numbers were included in the exposed tickets, "name, user name and contact information (e.g. email, address and pho number)" and "proof of purchase information" if they were included in the support ticket at all, were viewable.
This could mean that while no full credit card numbers were exposed, the last couple digits as printed on a receipt could have been viewable. Bethesda says it is contacting customers who may have been impacted by the vulnerability and that it sincerely apologizes for the situation.
Based on the findings posted by Bethesda and considering this wasn't a deliberate hacking attempt, the damage appears limited. However, Fallout 76's launch has proven to be quite rocky and the mounting incidents have not helped Bethesda in this turbulant launch period.