A misconfigured legacy database administered by game publisher Wizards of the Coast reportedly exposed the information of hundreds of thousands of online gamers who played Magic: The Gathering Arena or Magic: The Gathering Online.
According to various media reports, Renton, Wash.-based WoTC recently sent impacted users an email stating that on Nov. 14 "we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company." The reports note that the file had been residing in an openly accessible Amazon Web Services storage bucket. U.K.-based penetration and security testing consultancy Fidus Information Security has been credited with finding the database.
Exposed information reportedly included players' names, email addresses and hashed and salted passwords, as well as the date and time their accounts were created. WoTC does not have reason to believe the information has been used maliciously. Nevertheless, players are encouraged to reset their passwords as a precautionary measure.
TechCrunch reported that a review of the database file revealed 452,634 players’ information and 470 email addresses associated with WoTC employees.
MTG Arena and Magic Online are both digital versions of the popular original MTG card trading game.
SC Media has not heard back from Wizards of the Coast for additional comment.