The developer of popular game Magic: The Gathering, has disclosed that a security lapse exposed the data of hundreds of thousands of players.
Washington-based developer, Wizards of the Coast, left a file in a public Amazon Web Services storage bucket, as reported by TechCrunch. The file was left on the web without a password, allowing anyone to have access to the content.
The file contained 452,634 players’ information and around 470 staff email addresses. It included players’ usernames and email addresses.
Researchers at Fidus Information Security, a U.K. cybersecurity firm, found the exposed database and say it was available since September. Wizards of the Coast did not take down the database once Fidus disclosed it, and only pulled the file once TechCrunch reached out.
The information in the file included account data from 2012 to 2018. None of the data on the file was encrypted.
The developer has said that “this was an isolated incident and we have no reason to believe that any malicious use has been made of the data.”
Wizards of the Coast has sent out emails to affected users and is urging all players to change their passwords within the next week. After seven days, the developer will manually reset all account passwords.