Leaked data from fans of the popular card game. Nearly half a million injured users

11/22/2019 092550

Do you like card games? Your data may have been uploaded to the network.

Before the weekend, the network received information about a large leak of data of fans of the popular card game Magic: The Gathering. The source was supposed to be incorrect configuration of the brand owner's server, Wizards of the Coast. As a result of an error, information about Fr. 452,000 players.

Security researchers from Fidus have reported the data leak. They located unsecured database backup file users, located on the publicly available Amazon Web Services server.

The document was to be available around the middle of September and contain 452 634 fans of the Magic: The Gathering card game, who have an account with the service run by the game owner, Wizards of the Coast. The data that can be found in the file include, among others names, email addresses, as well as hashs and secured by a special algorithm (the so-called "salt") of passwords, and thus stored in a form in which it is not impossible to crack them, although difficult.

In an official response to TechCrunch, representatives of Wizards of the Coast admitted that they were the event actually took place and an internal investigation is underway to determine its scale and causes.

According to the company, everything indicates that this is a one-time incident and the data did not fall into the hands of criminals, but as a precautionary message were sent to users recommending changing the password. The company was also to inform the British Office for Personal Data Protection about the whole incident, which it is obliged under the provisions of the GDPR.

What should players do?

Players who have an account with the Wizards of the Coast service should first and foremost as soon as possible change password on this and other sites where they used them. For the future, it's also important to remember the basic rules of password hygiene, including changing them regularly and not using the same set of credentials on several pages. By following these simple rules, you can be sure that even if hackers gain access to your login details for a given portal or service, they won't be able to do much damage to them.

Source: DAGMA