A misconfigured legacy database administered by game publisher Wizards of the Coast reportedly exposed the information of hundreds of thousands of online gamers who played Magic: The Gathering Arena or Magic: The Gathering Online.

According to various media reports, Renton, Wash.-based WoTC recently sent impacted users an email stating that on Nov. 14 "we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company." The reports note that the file had been residing in an openly accessible Amazon Web Services storage bucket. U.K.-based penetration and security testing consultancy Fidus Information Security has been credited with finding the database.

Exposed information reportedly included players' names, email addresses and hashed and salted passwords, as well as the date and time their accounts were created. WoTC does not have reason to believe the information has been used maliciously. Nevertheless, players are encouraged to reset their passwords as a precautionary measure.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.