It seems hard to imagine that companies still suffer accidental data breaches, but it happens with alarming frequency and it led to a ‘Magic: The Gathering’ data breach. It may be an employee who downloads some malicious software or falls for a spear phishing campaign, or someone who leaves an unsecured laptop or flash drive out. Regardless of how it happens, what is important is that it happens often enough that more companies should be safeguarding themselves from this kind of threat.
One frighteningly common event is the accidental overexposure, which occurs when a company unintentionally puts its sensitive information online for anyone to find. Sadly, even though they are doing it by mistake, that does not stop malicious people from finding the information and using it.
The most recent example of a company leaving a database of customer information exposed on the internet is Wizards of the Coast, the developer of the popular game, ‘Magic: The Gathering.’ It led to a ‘Magic: The Gathering’ data breach. This card-based game has been widely popular for many years and has a devoted following. Unfortunately, the owners used an unsecured Amazon Web Services bucket. This online server contained customer data for more than 452,000 users, including usernames and hashed and salted passwords. However, the information was not encrypted.
Accidental data breaches like the ‘Magic: The Gathering’ data breach have happened to numerous well-known, large-scale companies recently. It is always with the same issue that the requirement to password protect the server is turned off by default. Unless the company opts to password protect the server and takes the steps to do so, their information can go online without any kind of wall around it.
Unfortunately, TechCrunch reported this incident with a somewhat bothersome finding. A security company called Fidus Information Security discovered the database of information and contacted the game developers. However, there is no way of knowing if anyone else had already compromised the information. In this case, as TechCrunch states, “Fidus reached out to Wizards of the Coast but did not hear back. It was only after TechCrunch reached out that the game maker pulled the storage bucket offline.”
One of the most critical things any company can do during a data breach like the ‘Magic: The Gathering’ data breach is to respond in a timely way. Leaving the information online while looking into the matter or failing to notify the customers of the breach quickly is not the best way to protect anyone. The developer has informed affected customers to change their passwords and has reported the breach to officials who oversee the EU’s privacy compliance regulations.
You might also like…