OpinionVideo Games

[UPDATED] Bethesda’s Canvas Bag Problem Gets Ridiculously Worse


Six months ago, when Bethesda announced its online-only version of Fallout, Fallout 76, I was too busy sweating in the Los Angeles sun and waiting in security lines at the suddenly open to the public E3 to secure my own pre-order of the $200 Power Armor Edition. Thankfully, my wife (who knows how big a Fallout freak I am) was able to score me one.

Fast forward to last month, when the EXTREMELY LARGE box containing said collector’s edition arrived. Inside was the game, several cool tchotchkes, and the real reason almost anyone ponied up $200: the life-sized power armor helmet. I opened my box. I tried on my helmet. I felt cool.

But then I didn’t.

It turns out Bethesda had skimped. The Power Armor Edition was advertised as containing a canvas carrying bag for the life-sized power armor helmet. And yet when it arrived, my box contained a bag made of nylon. Basically it was the difference between something with an authentic military feel and something made to be thrown away. And I wasn’t the only one who was disappointed.

Bethesda initially declined to show remorse for this switcheroo, proclaiming “We aren’t planning on doing anything about it.” 

And then the backlash happened. Following days of escalating ire on Reddit and social media, Bethesda posted a short announcement on its Twitter account telling consumers who desired a replacement canvas bag to fill out a ticket through bethesda.net.

There was no apology. No explanation. The simply provided an opportunity to correct the error.

The mega-publisher had blamed the change from nylon to canvas on the “unavailability of materials.”And then, suddenly, after a certain volume of consumer ire had been reached, the canvas mysteriously appeared. At no extra cost.

If only this had been the end of the story.

Starting Wednesday, merely a week after the escapade began, reports of a major security flaw in Bethesda’s support website began circulating on Reddit and Twitter. It turns out some users of Bethesda’s support website were able to view orders and personal information of other customers. Including credit card info.

So, to summarize, if you ordered a $200 collector’s edition of a multiplayer-only game that started life as the multiplayer component of a game released by Bethesda over three years ago, you not only didn’t get one of the premium collectibles you were promised, but Bethesda initially didn’t care how you felt about that, then suddenly decided they did care but by offering you a chance to redeem the collectible they exposed your personal information to anyone who happened by.

Bethesda’s official statement — received by Escapist Magazine mere moments ago and simultaneously published to Bethesda’s Twitter account — reads as follows:

We experienced an error with our customer support website that allowed some customers to view support tickets submitted by a limited number of other customers during a brief exposure window. Upon discovery, we immediately took down the website to fix the error.

We are still investigating this incident and will provide additional updates as we learn more. During the incident, it appears that the user name, name, contact information, and proof of purchase information provided by a limited number of customers on their support ticket requests may have been viewable by other customers accessing the customer support website for a limited time, but no full credit card numbers or passwords were disclosed. We plan to notify customers who may have been impacted.

Bethesda takes the privacy of our customers seriously, and we sincerely apologize for this situation.

As one of the consumers affected and potentially doxxed by this ridiculous comedy of errors, I have to say: Apology not accepted.

We will report more as the situation develops.

UPDATE — Dec 7, 2018

Bethesda dumped an update on this situation during last night’s Game Awards news rush.

TL;DR: About 65 people had their information leaked during a window of approximately 45 minutes during which something went hinkey with Bethesda’s support ticket system. Bethesda is contacting those 65 people to notify them, and claims no full credit card numbers were leaked. Just, you know, names and addresses.

I have’t received a call from Bethesda about that yet, so I’m guessing I wasn’t one of the 60. If you were, let us know.

The full statement from Bethesda PR’s Matt Frary follows

As previously reported, on December 5, 2018, we experienced an error with our Customer Support website that resulted in the exposure of a limited number of customer support tickets. Upon discovery, we immediately took down the Customer Support website, remediated the error and restored the Customer Support website. We have conducted further investigation and analysis of this incident and would like to provide our Bethesda community with an update.

From our investigation, we have learned that, on December 5, 2018, there was a brief period of time during which customers accessing our Customer Support website may have been able to view the customer support tickets submitted by other customers during this same time period. Based on our current investigation, we believe this exposure window lasted approximately 45 minutes.

During this exposure window, fewer than 123 customer support tickets were submitted and may have been partially or fully viewed by others accessing the Customer Support website. Of those 123 tickets, it appears that no more than 65 customer support tickets contained personal data that may have been exposed.

Upon review of the exposed customer support tickets, we have confirmed that no user account passwords or full credit card numbers were included. The personal data exposed within the customer support tickets included:

  • name, user name and contact information (e.g., email, address and phone number), if submitted by a customer as part of a customer support ticket
  • proof of purchase information provided by a limited number of customers, related to game purchases from third party retailers

We are in the process of contacting customers who may have been impacted.

We greatly value and appreciate our Bethesda community. Again, we sincerely apologize for this situation.

About the author

Russ Pitts
Editor-in-chief of Escapist Magazine. VP Enthusiast Gaming Media. Co-founder of takethis.org. Co-founder of polygon.com. Former producer @ TechTV. Creator of Human Angle, Press Reset, and Stage of Development. Former six-time Webby Award-winning editor-in-chief of this very website. Twenty+ year veteran of the entertainment and media industries. Capricorn. Loves dogs.