« Air Canada introduces interactive airport maps in redesigned app | Main | Disney+ to offer 'The Simpsons' in original uncropped format in early 2020 »
Sunday
Nov172019

'Magic: The Gathering' developer exposes data of 452,000 players

Wizards of the Coast, the developer of Magic: The Gathering, exposed user data of 452,634 players because of a security lapse. The Washington-based game maker left a file in a public Amazon Web Services storage bucket without a password or encryption, giving anyone access to the information. 

The data included 470 staff email addresses, players' names and usernames, email addresses, the date and time the accounts were made, and hashed and salted user passwords. The account data ranged from 2012 to 2018.

The developer claims this was "an isolated incident," and they believe the data wasn't used for malicious activity. The UK-based Fidus Information Security discovered the exposed database in September and informed the developer. But the files were only taken down once TechCrunch asked them about it.

Harriet Lester, Fidus' director of research and development, said it was "surprising in this day and age that misconfigurations and lack of basic security hygiene still exist on this scale, especially when referring to such large companies with a userbase of over 450,000 accounts."

Wizards of the Coast said they are notifying players who have their data exposed via email to change their passwords as soon as possible.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>