Gaming News, Reviews, and Articles

MTG Arena Data Breach Reportedly Didn't Reveal Sensitive Data

Gaming article by Robert N. Adams on Monday, November 18, 2019 - 12:30
News
Release Date
December 31, 1969
Platforms
PC
Purchase (Some links may be affiliated)
wizards.com

Good Security Practices Keeps Private Info Safe

An MTG Arena data breach reportedly took place on Thursday, November 14, 2019, also affecting users of Magic: The Gathering Online. Thankfully, it seems that the data breach hasn't revealed much in the way of useful information.

"Dear Wizards community, we are writing to let you know of a recent security incident at Wizards of the Coast," read an e-mail from Wizards of the Coast as reported by Dot Esports.. "On Nov. 14, we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company."

 

"We believe this was an isolated incident related to a legacy database and is unrelated to our current systems," the e-mail continued. "Based on our current investigation, we have no reason to believe that any malicious use has been made of the data."

MTG Arena data breach purple flame

 

What Was Revealed in the MTG Arena Data Breach

Data breaches can be pretty scary and the MTG Arena data breach is no different. Thankfully, it seems that almost nothing of real value was revealed ot the people who got their hands on an outdated database.

Here's the data that was revealed in the breach:

 
  • First name
  • Last name
  • E-mail address
  • Salted & hashed password

The last bit is especially important. While passwords were indeed contained in the compromised files, they were "salted" and "hashed". This means that they were sufficiently encoded (hashed) with a random element thrown in (salted) that can't be accessed without the right key. Thankfully, a key of that type is ideally kept safe — and the data breachers don't have it.

Still, the MTG Arena data breach is enough of a cause for concern that Wizards of the Coast is advising both MTG Arena and Magic: The Gathering Online players to change their password as soon as possible. MTG Arena players can change their password at myaccounts.wizards.com, while Magic: The Gathering Online players can change their password through the game client. Unfortunately, DCI players will have to wait for an e-mail from Wizards.

What do you think of the MTG Arena data breach? Are you more upset that there was a breach or happy that Wizards' data security practices prevented anything important from being revealed? Let us know in the comments below!

About the Author

A photograph of Robert N Adams

Robert N. Adams

Senior Writer

I've had a controller in my hand since I was 4 and I haven't stopped gaming since. CCGs, Tabletop Games, Pen & Paper RPGs - I've tried a whole bunch of stuff over the years and I'm always looking to try more!