Throne of Eldraine
Image via Wizards of the Coast Magic: The Gathering

MTG Arena and Magic Online suffer security data breach

All players will need to reset passwords within the next seven days.

A data breach has been reported by Wizards of the Coast, affecting MTG Arena and Magic Online users.

Recommended Videos

According to an email sent to affected users, Wizards of the Coast had a legacy database breach occur on Nov. 14. The incident is being reported as non-malicious. And that the information was obtained outside the company. 

“Dear Wizards community, we are writing to let you know of a recent security incident at Wizards of the Coast,” WotC said. “On Nov. 14, we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company.

“We believe this was an isolated incident related to a legacy database and is unrelated to our current systems. Based on our current investigation, we have no reason to believe that any malicious use has been made of the data.”

Here is what was on the Wizards of the Coast MTG Arena and Magic Online database file:

  • First and last name
  • Email address
  • Password

According to WotC, the passwords on the file were stored in hashed and salted form, meaning they were secured cryptographically and are extremely difficult to decipher. No payment or financial information was on the database that was breached.

Once WotC became aware of the breach, it launched an investigation to determine the scope of the incident. As a precautionary measure, Wizards of the Coast is asking all MTG Arena and Magic Online users to change their passwords in the next seven days. 

Some players may have not received an email because their information was not on the database. But those players are still required to reset their passwords within the next seven days, or WotC will manually reset them.  

Here is how a Magic player can reset their passwords:

  • MTG Arena: myaccounts.wizards.com.
  • Magic Online: In the game client
  • DCI accounts: Players will receive an email on how to reset the password.

Related: Twitch Esports is hosting MTG Arena tournament following Magic B&R

The response by WotC has been quick regarding the data breach and for now, it seems that the company has everything under control. 


Dot Esports is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more
related content
Read Article How to watch MTG Pro Tour Thunder Junction
MTG Pro Tour Thunder Junction trophy
Read Article When is the next MTG Pro Tour and what’s the format?
Fblthp, wearing a cowboy hat and looking quite confused, stands amidst a massive battle in MTG OTJ.
Read Article When is the next MTG Banned and Restricted announcement?
Spirits reading a list after passing away
Related Content
Read Article How to watch MTG Pro Tour Thunder Junction
MTG Pro Tour Thunder Junction trophy
Read Article When is the next MTG Pro Tour and what’s the format?
Fblthp, wearing a cowboy hat and looking quite confused, stands amidst a massive battle in MTG OTJ.
Read Article When is the next MTG Banned and Restricted announcement?
Spirits reading a list after passing away
Author
Danny Forster
Lead Magic: The Gathering/Teamfight Tactics scribe and staff writer for Dot Esports. Danny is a gamer beach bum residing in Spacecoast Florida and has been a journalist for seven years, of which five have been at Dot Esports. Prior media outllets Danny wrote for were Screen Rant and TheGamer. You can typically catch Danny playing TCGs and a variety of strategic games. He also hangs out on Twitter @Dannyspacecoast.