A US gaming company has confirmed that a security incident resulted in the personal data on hundreds of thousands of gamers being exposed.
The game developer of “Magic: The Gathering”, Wizards of the Coast, left a backup file in a public Amazon Web Services (AWS) storage bucket with no password protection- thus allowing anyone to access the file.
A review of the database by Fidus Information Security, found that the files contained 452,634 players’ information, including roughly 470 email addresses linked to Wizards of the Coast employees.
The database included full names, email addresses, usernames, data and time of when the account was created. In addition, the database also contained salted and hashed passwords.
Most of the accounts data back to 2012 – however some data entries have been identified as going back to mid-2018.
Wizards of the Coast sent emails last week to an unspecified number of Magic Online and MTG Arena users informing them of the security incident.
The email reportedly said: “Dear Wizards community, we are writing to let you know of a recent security incident at Wizards of the Coast. On Nov 14, we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company.”
The database file has been removed the server and an investigation into the incident is being conducted. In addition, the company stated that it had no reason to believe that the data had been used maliciously.
“However, in an abundance of caution, we are notifying players whose information was contained in the database and required them to reset their passwords on our current system,” said Bruce Dugan, a spokesperson for Wizards of the Coast.
The company has confirmed that it has informed the UK data protection authorities, in line with EU GDPR regulation.
Harriet Lester, Fidus’ director of research and development, commented that it was “surprising in this day and age that misconfigurations and lack of basic security hygiene still exist on this scale, especially when referring to such large companies with a user base of over 450,000 accounts.”
The post #Privacy: Wizards of the Coast data leak exposes gamers appeared first on PrivSec Report.