Wizards of the Coast have sent out an email to users of Magic Online and MTG Arena with a notification of a data breach. It recommends users to change their passwords within five days of the report. If not done in time, Wizards of the Coast would forcefully reset the passwords themselves.
MTG Arena data breach
“Dear Wizards community, we are writing to let you know of a recent security incident at Wizards of the Coast. On November 14, we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company,” Wizards wrote. “We believe this was an isolated incident related to a legacy database and is unrelated to our current systems.”
In the email, it states that the security breach included data like full names, email addresses, and passwords. However, Wizards have “no reason to believe that any malicious use has been made of the data.” This means it isn’t likely that your email will start getting spammed with junk. However, this information is from the company itself, and many companies have lied about such matters in the past to save reputation. As such, it is a good idea to change your password anyways, to be on the safe side.
Change your passwords
According to the company, the passwords associated with the MTG Arena and Magic Online accounts were salted and hashed. In plain English, this adds two extra layers of security, so hackers can only figure out the password if they have the matching unique hash value (string of text) to authenticate. In addition, no payment or financial data was on the breached database.
Once Wizards of the Coast were made aware of the security breach, they launched an investigation and have since emailed their user base. However, even if one was not included in the breached database, they will still be required to reset their password. Users affected only have to sign in to the game client or Wizards of the Coast website, where they can then access their account settings.