Game developer studio CD Projekt RED was the victim of a data breach in March 2016 when hackers got hold of 1.9 million user credentials from its online forum.
Although the data has been on breach notification website Have I Been Pwned? for a few days now, the company is now contacting people about the situation, advising them to change their password just for safety reasons, while also explaining the situation better.
The studio, famous for developing major successful games such as the Witcher franchise, was attacked in March 2016. According to the company, an obsolete cdprojektred.com forum database was accessed and picked up by hackers, containing data pertaining to 1.9 million users.
At the time of the event, the database was not in active use, they said, since it was almost a year prior when forum members were asked to move over to GOG.com and create accounts there, which are a lot better protected. “These accounts are additionally protected by two-step authentication. The forum engine has also been upgraded since then to the newest and most secure version, fixing the vulnerability that allowed said access,” reads the company’s message.
What data was exposed?
The database that’s been dumped online contains usernames, email addresses and passwords that were hashed and “salted.” This is a pretty common practice involving adding random characters to the passwords when they are hashed in order to increase security. While the passwords were not stored in plain text, they were not directly accessible to hackers.
It is, however, advisable that people change their passwords if they used the same ones for multiple accounts. The old forum data has not been moved over to the GOG.com site, so that’s another layer of protection there.
It’s not uncommon for a long time to pass between breach and data dump or before the company figures out what happened. The largest data breaches in history, those of Yahoo, when 500 million and 1 billion accounts were exposed, happened in 2014 and 2013, respectively, and were revealed just last year.