Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
Throne of Eldraine
Image via Wizards of the Coast Magic: The Gathering

MTG Arena and Magic Online suffer security data breach

All players will need to reset passwords within the next seven days.
This article is over 5 years old and may contain outdated information

A data breach has been reported by Wizards of the Coast, affecting MTG Arena and Magic Online users.

Recommended Videos

According to an email sent to affected users, Wizards of the Coast had a legacy database breach occur on Nov. 14. The incident is being reported as non-malicious. And that the information was obtained outside the company. 

“Dear Wizards community, we are writing to let you know of a recent security incident at Wizards of the Coast,” WotC said. “On Nov. 14, we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company.

“We believe this was an isolated incident related to a legacy database and is unrelated to our current systems. Based on our current investigation, we have no reason to believe that any malicious use has been made of the data.”

Here is what was on the Wizards of the Coast MTG Arena and Magic Online database file:

  • First and last name
  • Email address
  • Password

According to WotC, the passwords on the file were stored in hashed and salted form, meaning they were secured cryptographically and are extremely difficult to decipher. No payment or financial information was on the database that was breached.

Once WotC became aware of the breach, it launched an investigation to determine the scope of the incident. As a precautionary measure, Wizards of the Coast is asking all MTG Arena and Magic Online users to change their passwords in the next seven days. 

Some players may have not received an email because their information was not on the database. But those players are still required to reset their passwords within the next seven days, or WotC will manually reset them.  

Here is how a Magic player can reset their passwords:

  • MTG Arena: myaccounts.wizards.com.
  • Magic Online: In the game client
  • DCI accounts: Players will receive an email on how to reset the password.

Related: Twitch Esports is hosting MTG Arena tournament following Magic B&R

The response by WotC has been quick regarding the data breach and for now, it seems that the company has everything under control. 


Dot Esports is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author
Image of Danny Forster
Danny Forster
Staff writer, lead beat writer for MTG and TFT
Danny has been writing for Dot Esports for over five years, first as a freelancer and now as a staff writer. He is the lead beat writer for Magic: The Gathering and Teamfight Tactics. Danny is also a solid Monopoly GO player, having beaten every main event without spending a dime. When Danny isn't writing or gaming, he's chilling by the water in Spacecoast Florida with his family and friends. He's always got a tan, because touching grass is important, and loves playing strategic digital and tabletop games. Past outlets Danny has written for include TheGamer and ScreenRant.