Data belonging to more than 450,000 players of popular online games were exposed on an unprotected database accessible online.
Wizards of the Coast, the company behind games such as Magic: The Gathering, MTG Arena, and Magic Online accidentally left a database unprotected on an online Amazon Web Services storage bucket. The first and last names, email addresses, and passwords of 452,634 players and 470 employees were exposed. No financial data was thought to have been compromised.
“We believe that this was an isolated incident and we have no reason to believe that any malicious use has been made of the data,” said Bruce Dugan, a spokesperson for the company in a statement to TechCrunch.com.
Wizards of the Coast notified U.K. data protection authorities in accordance with the EU’s GDPR data breach disclosure requirements, and emailed affected users.
As a precaution, all MTG Arena and Magic Online players will be required to reset their passwords within the next week.