“We have no reason to believe that any malicious use has been made of the data.”
The creators of Magic the Gathering have contacted MTG Arena and Magic Online players following a data breach that leaked users’ names, email addresses, and passwords.
In an email sent to those affected by the incident, Wizards of the Coast explained that an internal database from a “decommissioned version of the WotC login” was accidentally “made accessible” online. While the incident has reportedly been described as isolated and WotC has no reason to believe “that any malicious use has been made of the data”, information was nevertheless obtained outside the company.
Furthermore, it’s reported no payment or financial information was at risk, and passwords were stored securely in an encrypted form, so it’s unlikely they can be extracted for malicious purposes.
“Dear Wizards community, we are writing to let you know of a recent security incident at Wizards of the Coast,” WotC said (thanks, Dotesports). “On Nov. 14, we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company.
“We believe this was an isolated incident related to a legacy database and is unrelated to our current systems. Based on our current investigation, we have no reason to believe that any malicious use has been made of the data.”
As a precautionary measure, WotC is asking all players to update their passwords over the next seven days. If you’re unable to do so, WotC will reset it for you.