Witcher 3 Old Dev Forum Hacked and 1.9 Million Credentials Dumped

CD Projekt RED, famous game developer studio was the victim of a data breach back in March 2016 when the hackers got hold of nearly 1.9 million user credentials that are stolen from its online forum.

Even though the stolen data was on breach notification website Have I Been Pwned? for quite a few days now, company is now contacting the people about this situation and advising them to change the password just for the safety reasons, while also explaining the situation in a smooth and better way.

The studio is popular for developing the major successful games like the Witcher franchise. It was attacked in march of 2016 and according to the company, a cdprojektred.com forum database was accessed and selected up by the hackers, this contains data belonging to 1.9 million users.

At the time of the event happening, the hacked database was not in active use and they said since it was not used for almost a year, the forum members are asked to move over to GOG.com and then create accounts there, which is a lot better protected. “These accounts are additionally protected by two-step authentication. The forum engine has also been upgraded since then to the newest and most secure version, fixing the vulnerability that allowed said access,” said the company’s message.

The database that is dumped online has usernames, email addresses and passwords which were hashed and “salted.” This is a very common practice involving the adding of random characters to the passwords when they are being hashed, in order to increase security by introducing the random factor which hacker cannot use or replicate to retrace the passwords. Even though the passwords are not stored in just plain text, they are not directly accessible to hackers for sure.

It is, however, advisable that people change their passwords if they used the same ones for multiple accounts. The old forum data has not been moved over to the GOG.com site, so that’s another layer of protection there.

Related posts

NachoVPN Attack Risks Corporate VPN Clients

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Anti-Spam WordPress Plugin Vulnerabilities Risked 200K+ Websites