MTG Arena and Magic Online Warns Players After Security Breach

Category: Gaming, Date: 16/Nov/2019

Follow us on our social media to stay updated!

Magic the Gathering

Wizard of the Coast reports a data breach to their players which affected MTG Arena and Magic Online users.

The email was sent to players informing them of the breach that occurred on November 14, 2019. The data from the Wizards of the Coast website had been made accessible outside of the company.

An investigation has been made and for the time being, they don’t believe that malicious use has been made of the data. 

“On Nov. 14, we learned that an internal database file from a decommissioned version of the WotC login had inadvertently been made accessible outside the company,” says WotC.

“We believe this was an isolated incident related to a legacy database and is unrelated to our current systems. Based on our current investigation, we have no reason to believe that any malicious use has been made of the data.”

The information that the database file stored: first and last names, email addresses, and passwords stored in “hashed and salted” format.

Hashed and salted format means that the passwords weren’t stored in plain text but were secured cryptographically. 

WotC informed the community that their payment or other financial information was not stored in the database.

As a precaution measure, Wizards of the Coast is asking all MTG Arena and Magic Online users to change their passwords in the next seven days. 

How to change your password?

  • For Arena, you may reset your password here:
  • For Magic Online, you may reset your password in the game client.
  • For DCI accounts, you will receive an email with instructions on how to reset your password.