An MTG Arena data breach reportedly took place on Thursday, November 14, 2019, also affecting users of Magic: The Gathering Online. Thankfully, it seems that the data breach hasn’t revealed much in the way of useful information.
“Dear Wizards community, we are writing to let you know of a recent security incident at Wizards of the Coast,” read an e-mail from Wizards of the Coast as reported by Dot Esports.. “On Nov. 14, we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company.”
“We believe this was an isolated incident related to a legacy database and is unrelated to our current systems,” the e-mail continued. “Based on our current investigation, we have no reason to believe that any malicious use has been made of the data.”
What Was Revealed in the MTG Arena Data Breach
Data breaches can be pretty scary and the MTG Arena data breach is no different. Thankfully, it seems that almost nothing of real value was revealed ot the people who got their hands on an outdated database.
Here’s the data that was revealed in the breach:
- First name
- Last name
- E-mail address
- Salted & hashed password
The last bit is especially important. While passwords were indeed contained in the compromised files, they were “salted” and “hashed”. This means that they were sufficiently encoded (hashed) with a random element thrown in (salted) that can’t be accessed without the right key. Thankfully, a key of that type is ideally kept safe — and the data breachers don’t have it.
Still, the MTG Arena data breach is enough of a cause for concern that Wizards of the Coast is advising both MTG Arena and Magic: The Gathering Online players to change their password as soon as possible. MTG Arena players can change their password at myaccounts.wizards.com, while Magic: The Gathering Online players can change their password through the game client. Unfortunately, DCI players will have to wait for an e-mail from Wizards.
What do you think of the MTG Arena data breach? Are you more upset that there was a breach or happy that Wizards’ data security practices prevented anything important from being revealed? Let us know in the comments below!