Open database exposes Magic: the Gathering online player info

News by Doug Olenick

Misconfigured legacy database of game publisher Wizards of the Coast expose information of hundreds of thousands of online gamers

A misconfigured legacy database administered by game publisher Wizards of the Coast (WoTC) reportedly exposed the information of hundreds of thousands of online gamers who played Magic: The Gathering Arena or Magic: The Gathering Online.

According to various media reports, WoTC recently sent impacted users an email stating that on 14 November "we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company." The reports note that the file had been residing in an openly accessible Amazon Web Services storage bucket.

Exposed information reportedly included players’ names, email addresses and hashed and salted passwords, as well as the date and time their accounts were created. WoTC does not have reason to believe the information has been used maliciously. Nevertheless, players are encouraged to reset their passwords as a precautionary measure.

TechCrunch reportde that a review of the database file revealed 452,634 players’ information and 470 email addresses associated with WoTC employees.

MTG Arena and Magic Online are both digital versions of the popular original MTG card trading game.

SC Media has not heard back from Wizards of the Coast for additional comment.

The original version of this article was published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews