‘Magic: The Gathering’ confirmed the leak of hundreds of thousands of player data.
The maker of Magic: The Gathering has confirmed that a security breach exposed the data of hundreds of thousands of game players. The data breach included leaked users’ names, email addresses, and passwords.
Magic: The Gathering
There are Pc game versions of MTG ARENA and MAGIC ONLINE in Magic: The Gathering (MTG)– World’s first traditional card game released in 1933. Wizards of the Coast, the developer of MTG, warned that user account information might have been leaked recently.
Have you played this game? If not, it has something to offer you. Well, it has it’s drawbacks too. In the game, two or more players assemble a deck of 60 cards with varying powers. They choose these decks from a pool of some 20,000 cards created as the game evolved. It’s similar to the role-playing fantasy games such as Dungeons and Dragons having more cards and complex rules than other card games.
Email sent to those affected by the incident was accidentally ‘made accessible’ online from a ‘decommissioned version of the WotC login.’ A reviewed database file showed there was 452,634 players’ information, including about 740 email addresses associated with Wizard’s people. The database included player names and usernames, email addresses, and the date and time of the account’s creation. The database also consisted of passwords, which were hashed and salted, making it difficult but impossible for the compromised data.
It is said that the company left a backup database containing gamer information in a public Amazon Web Services storage bucket where it was accessible from early September. The Database was used to house data relating to the game’s online portal.
According to the researchers, no data was encrypted. The accounts date back to at least 2012 and some to 2018, according to a recent review. As described by WotC, the incident was isolated, and ‘no malicious use has been made of the data.’
Furthermore, no payment or financial information was at risk, and passwords were sorted securely in an encrypted form, making it impossible for malicious extraction purposes. The misconfigurations and lack of basic security awareness still lacks and exists on a global scale, especially, with a userbase of over 450,000 accounts of players.
Researchers are still looking for misconfigurations, such as falling in the wrong hands. Wizards of the Coast has sent out emails to affected users and is urging all players to change their passwords within the next week. It is being said that; the developer will manually reset all account passwords.
To mitigate the attack, the users shall change their passwords and raise an issue if any kind of breach is noticeable.