[BreachExchange] Magic the Gathering and MTG Arena users urged to change passwords following data breach
Destry Winant
destry at riskbasedsecurity.com
Mon Nov 18 10:05:59 EST 2019
https://www.eurogamer.net/articles/2019-11-17-magic-the-gathering-and-mtg-arena-users-urged-to-change-passwords-following-data-breach
The creators of Magic the Gathering have contacted MTG Arena and Magic
Online players following a data breach that leaked users' names, email
addresses, and passwords.
In an email sent to those affected by the incident, Wizards of the
Coast explained that an internal database from a "decommissioned
version of the WotC login" was accidentally "made accessible" online.
While the incident has reportedly been described as isolated and WotC
has no reason to believe "that any malicious use has been made of the
data", information was nevertheless obtained outside the company.
Furthermore, it's reported no payment or financial information was at
risk, and passwords were stored securely in an encrypted form, so it's
unlikely they can be extracted for malicious purposes.
"Dear Wizards community, we are writing to let you know of a recent
security incident at Wizards of the Coast," WotC said (thanks,
Dotesports). "On Nov. 14, we learned that an internal database file
from a decommissioned version of the WotC login had inadvertently been
made accessible outside the company.
"We believe this was an isolated incident related to a legacy database
and is unrelated to our current systems. Based on our current
investigation, we have no reason to believe that any malicious use has
been made of the data."
As a precautionary measure, WotC is asking all players to update their
passwords over the next seven days. If you're unable to do so, WotC
will reset it for you.
More information about the BreachExchange
mailing list