Wizards of the Coast has advised Magic the Gathering and MTG Arena players to update their details following a data breach that compromised users’ names, email addresses, and passwords.
Disclosing the breach by way of an email sent to those thought to have been affected, Wizards of the Coast revealed information was compromised when a “decommissioned version of the WotC login” was inadvertently “made accessible” to people outside of the organisation. Though reportedly an isolated incident, WotC maintains there’s no evidence “that any malicious use has been made of the data” contained within the internal database and insists no payment or financial information was at risk.
Though passwords were compromised via the data breach, they had been securely stored in an encrypted form. However, as a precaution, users are advised to change their passwords within the next seven days.
“Dear Wizards community, we are writing to let you know of a recent security incident at Wizards of the Coast,” WotC said (thanks, Dotesports, via Eurogamer). “On Nov. 14, we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company.
“We believe this was an isolated incident related to a legacy database and is unrelated to our current systems. Based on our current investigation, we have no reason to believe that any malicious use has been made of the data.”
The organisers of E3, the Entertainment Software Association (ESA), was forced to post an apology earlier this year after it unintentionally published the names, home addresses and phone numbers of more than 2,000 journalists who attended E3 over a number of years, including 2019.
These details, which have now been removed, appeared in a spreadsheet that was hosted on E3’s website. Since then, the ESA has apologised in a statement sent to those affected, saying: “The Entertainment Software Association (ESA) was made aware yesterday of a website vulnerability on the exhibitor portal section of the E3 website. Unfortunately, a vulnerability was exploited and that list became public. We regret this happened and are sorry.”