It is often that a data breach reveals other issues that a business is experiencing, but it isn’t every day I see the opposite. When I heard about what was happening at Bethesda Softworks and their online game, I was interested immediately.
The background on this is simple enough. Bethesda is a well-known video game maker with a number of well-known titles. Fallout 76 was the newest title in one of their series, but unlike previous titles, was an online game. Many were excited for this title and there special editions of this game offered to those willing to spend extra. Upon the launch of a game with a large amount of bugs and glitches, a number of issues took place.
First, the collector’s editions came with a few items, most notably a canvas bag. Many were disappointed that the bag was not actually made of canvas and instead more of a synthetic material. People began demanding refunds. This is where the issues got worse. A site was set up to process the refund requests, however an issue happened when providing a receipt to these customers. Individuals were getting the information of other customers, including names, emails, and partial credit card information. But it got worse.
It turned out that individuals were able to actually access and edit existing tickets of any person that had submitted one. That means if someone really wanted to, they could close out every ticket and “resolve” them. There were no bad actors that were found to do this, but there was no hacking or other illicit activity. This all happened because of hasty setup and lack of review by Bethesda.
The real moral here is that handling a breach, or any incident, is just as important as preventing such a scenario. Bethesda had an incident with the initial response and requests for refunds. It was bad, but had it been handled well, it would have been a footnote in the otherwise poor launch of their game. However, the mishandling of the refunds, and by extension the inadvertent release of their customers data made it that much worse. A good response may net little, but a poor response can make things exponentially worse.