![]() data protection authorities about the exposure, in line with breach notification rules under Europe’s GDPR regulations. It’s our small way of helping make the internet a safer place,” she told TechCrunch. “Our research team work continuously, looking for misconfigurations such as this to alert companies as soon as possible to avoid the data falling into the wrong hands. Harriet Lester, Fidus’ director of research and development, said it was “surprising in this day and age that misconfigurations and lack of basic security hygiene still exist on this scale, especially when referring to such large companies with a userbase of over 450,000 accounts.” “However, in an abundance of caution, we are notifying players whose information was contained in the database and requiring them to reset their passwords on our current system,” he said. “We believe that this was an isolated incident and we have no reason to believe that any malicious use has been made of the data,” but the spokesperson did not provide any evidence for this claim. “We removed the database file from our server and commenced an investigation to determine the scope of the incident,” he said. It was only after TechCrunch reached out that the game maker pulled the storage bucket offline.īruce Dugan, a spokesperson for the game developer, told TechCrunch in a statement: “We learned that a database file from a decommissioned website had inadvertently been made accessible outside the company.” (Image: TechCrunch)įidus reached out to Wizards of the Coast but did not hear back. The accounts date back to at least 2012, according to our review of the data, but some of the more recent entries date back to mid-2018.Ī formatted version of the database backup file, redacted, containing 452,000 user records. The database also had user passwords, which were hashed and salted, making it difficult but not impossible to unscramble. The database included player names and usernames, email addresses, and the date and time of the account’s creation. cybersecurity firm Fidus Information Security to find the database.Ī review of the database file showed there were 452,634 players’ information, including about 470 email addresses associated with Wizards’ staff. The bucket is not believed to have been exposed for long - since around early-September - but it was long enough for U.K. But there was no password on the storage bucket, allowing anyone to access the files inside. The game’s developer, the Washington-based Wizards of the Coast, left a database backup file in a public Amazon Web Services storage bucket. The maker of Magic: The Gathering has confirmed that a security lapse exposed the data on hundreds of thousands of game players.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |