Call Now 888.400.5530

ITRC-logo-color-final
Search
Close this search box.

‘Magic: The Gathering’ Data Breach Caused by Accidental Overexposure

Date: 11/19/2019

It seems hard to imagine that companies still suffer accidental data breaches, but it happens with alarming frequency and it led to a ‘Magic: The Gathering’ data breach. It may be an employee who downloads some malicious software or falls for a spear phishing campaign, or someone who leaves an unsecured laptop or flash drive out. Regardless of how it happens, what is important is that it happens often enough that more companies should be safeguarding themselves from this kind of threat.

One frighteningly common event is the accidental overexposure, which occurs when a company unintentionally puts its sensitive information online for anyone to find. Sadly, even though they are doing it by mistake, that does not stop malicious people from finding the information and using it.

The most recent example of a company leaving a database of customer information exposed on the internet is Wizards of the Coast, the developer of the popular game, ‘Magic: The Gathering.’ It led to a ‘Magic: The Gathering’ data breach. This card-based game has been widely popular for many years and has a devoted following. Unfortunately, the owners used an unsecured Amazon Web Services bucket. This online server contained customer data for more than 452,000 users, including usernames and hashed and salted passwords. However, the information was not encrypted.

Accidental data breaches like the ‘Magic: The Gathering’ data breach have happened to numerous well-known, large-scale companies recently. It is always with the same issue that the requirement to password protect the server is turned off by default. Unless the company opts to password protect the server and takes the steps to do so, their information can go online without any kind of wall around it.

Unfortunately, TechCrunch reported this incident with a somewhat bothersome finding. A security company called Fidus Information Security discovered the database of information and contacted the game developers. However, there is no way of knowing if anyone else had already compromised the information. In this case, as TechCrunch states, “Fidus reached out to Wizards of the Coast but did not hear back. It was only after TechCrunch reached out that the game maker pulled the storage bucket offline.”

One of the most critical things any company can do during a data breach like the ‘Magic: The Gathering’ data breach is to respond in a timely way. Leaving the information online while looking into the matter or failing to notify the customers of the breach quickly is not the best way to protect anyone. The developer has informed affected customers to change their passwords and has reported the breach to officials who oversee the EU’s privacy compliance regulations.

Contact the Identity Theft Resource Center for toll-free, no-cost assistance at 888.400.5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.

You might also like…

Three-Pronged Web Service Data Breach A Cause For Alarm

Virtual Reality Privacy Concerns

Who is Responsible for Fraud Prevention? Join the Fraud Week Twitter Chat with ACFE!

How much information are you putting out there? It’s probably too much. To help you stop sharing Too Much Information, sign up for the In the Loop.

notified-ad.png

Get ID Theft News

Stay informed with alerts, newsletters, and notifications from the Identity Theft Resource Center

notified-ad.png
© Copyright 2024- Identity Theft Resource Center

This product was produced by the ITRC under 2018-V3-GX-K007, awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. The opinions, findings, and conclusions or recommendations expressed in product are those of the contributors and do not necessarily represent the official position or policies of the U.S. Department of Justice. View more about our copyright info here.