Image via Wizards of the Coast Magic: The Gathering

MTG Arena and Magic Online suffer security data breach

All players will need to reset passwords within the next seven days.

Danny Forster

Published: Nov 16, 2019 06:56 am

A data breach has been reported by Wizards of the Coast, affecting MTG Arena and Magic Online users.

Recommended Videos

According to an email sent to affected users, Wizards of the Coast had a legacy database breach occur on Nov. 14. The incident is being reported as non-malicious. And that the information was obtained outside the company.

“Dear Wizards community, we are writing to let you know of a recent security incident at Wizards of the Coast,” WotC said. “On Nov. 14, we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company.

“We believe this was an isolated incident related to a legacy database and is unrelated to our current systems. Based on our current investigation, we have no reason to believe that any malicious use has been made of the data.”

Here is what was on the Wizards of the Coast MTG Arena and Magic Online database file:

First and last name
Email address
Password

According to WotC, the passwords on the file were stored in hashed and salted form, meaning they were secured cryptographically and are extremely difficult to decipher. No payment or financial information was on the database that was breached.

Once WotC became aware of the breach, it launched an investigation to determine the scope of the incident. As a precautionary measure, Wizards of the Coast is asking all MTG Arena and Magic Online users to change their passwords in the next seven days.

Some players may have not received an email because their information was not on the database. But those players are still required to reset their passwords within the next seven days, or WotC will manually reset them.

Here is how a Magic player can reset their passwords:

MTG Arena: myaccounts.wizards.com.
Magic Online: In the game client
DCI accounts: Players will receive an email on how to reset the password.

The response by WotC has been quick regarding the data breach and for now, it seems that the company has everything under control.

Dot Esports is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more

Related Content

MTG Duelist of the Mind featuring World Champion Nathan Steuer

MTG Pro Tour Thunder Junction meta may impact best deck in Standard

Apr 25, 2024

How to watch MTG Pro Tour Thunder Junction

Apr 15, 2024

Fblthp, wearing a cowboy hat and looking quite confused, stands amidst a massive battle in MTG OTJ.

When is the next MTG Pro Tour and what’s the format?

Apr 12, 2024

Author

Danny Forster

Lead Magic: The Gathering/Teamfight Tactics scribe and staff writer for Dot Esports. Danny is a gamer beach bum residing in Spacecoast Florida and has been a journalist for seven years, of which five have been at Dot Esports. Prior media outllets Danny wrote for were Screen Rant and TheGamer. You can typically catch Danny playing TCGs and a variety of strategic games. He also hangs out on Twitter @Dannyspacecoast.