Magic: The Gathering game maker exposed 452,000 players account data

The maker of Magic: The Gathering has confirmed that a security lapse exposed the data on hundreds of thousands of game players.
The games developer, the Washington-based Wizards of the Coast, left a database backup file in a public Amazon Web Services storage bucket. The database file contained user account information for the games online arena. But there was no password on the storage bucket, allowing anyone to access the files inside.
The bucket is not believed to have been exposed for long since around early-September but it was long enough for U.K. cybersecurity firm Fidus Information Security to find the database.
A review of the database file showed there were 452,634 players information, including about 470 email addresses associated with Wizards staff. The database included player names and usernames, email addresses, and the date and time of the accounts creation. The database also had user passwords, which were hashed and salted, making it difficult but not impossible to unscramble.
None of the data was encrypted. The accounts date back to at least 2012, according to our review of the data.
Magic: The Gathering game maker exposed 452,000 players account data
A formatted version of the database backup file, redacted, containing 452,000 user records. (Image: TechCrunch)
See also:
Leave a comment
  • Latest
  • Read
  • Commented
Calendar Content
«     2020    »