Update: In a statement addressing the incident Bethesda says that while names and contact information were vulnerable for a limited period of time, no passwords or full credit card info were disclosed. The full statement below.
We experienced an error with our customer support website that allowed some customers to view support tickets submitted by a limited number of other customers during a brief exposure window. Upon discovery, we immediately took down the website to fix the error.
We are still investigating this incident and will provide additional updates as we learn more. During the incident, it appears that the user name, name, contact information, and proof of purchase information provided by a limited number of customers on their support ticket requests may have been viewable by other customers accessing the customer support website for a limited time, but no full credit card numbers or passwords were disclosed. We plan to notify customers who may have been impacted.
Bethesda takes the privacy of our customers seriously, and we sincerely apologize for this situation.
Bethesda is encouraging struggling players to submit support tickets so the company can resolve their Fallout 76 woes. But the support system might also need a fix as a glitch in Bethesda's system allows people to see not just their own ticket, but others' as well, giving them access to their personal info.
A thread on both the Fallout 76 subreddit and a locked thread in the official Bethesda forums flagged the company over what looks to be vulnerabilities in the company's support system. One redditor posted a thread claiming they are "receiving every single one of your support tickets" on their Bethesda account. "Mostly it's your receipts for [your] power armor set requesting a new bag. These receipts contain all your info. Your email and home address and the card you used to buy this extremely glitched game."
They said they also flagged Bethesda on Twitter and it's unclear if the original poster is one and the same with this Twitter user who reached out to the official Bethesda Twitter account raising this privacy concern.
A similar issue was flagged on the Bethesda forums with one user posting, "I went on the support website today, to update a ticket of mine, and surprisingly (or not...) I ended up being able to see all sorts of tickets, with people putting their personal information in them, like receipt screenshots, names, addresses and so on."
A Bethesda community manager responded to the thread saying the issue has been resolved, seemingly acknowledging the vulnerability.
Bethesda recently requested Fallout 76 owners who purchased the $200 collector's edition to submit their info to have their nylon bags replaced with the originally advertised canvas bags, which is perhaps the home address info the posters are claiming to have access to.
This doesn't appear to be a deliberate hacking attack, but rather an unforeseen consequence of the support system. But with the way players have reacted to Fallout 76 along with today's update which appears to have introduced even more bugs, customers are understandably upset.
We reached out to Bethesda for a statement and are awaiting a full response.