CD Projekt RED, developer of The Witcher, had a server hacked. Database with user data leaked
On February 4, 2017 at 1:39 (GMT +3), the CD Projekt RED team sent its users an email warning that their servers had been compromised. The target of the attack was the cdprojektred.com forum server. Prior to active promotion on Steam, around the release of the first part of the Witcher series, many players registered on the developer's server. By now the forum was almost abandoned, but its database still contained usernames, email addresses and user passwords. The database leak was discovered only now, but the incident itself occurred in March 2016. Most users were transferred to third-party GOG.com accounts a year ago, which made authentication two-step. However, some users did not update their data. The good news is that the passwords were hashed and salted, which makes a dictionary attack on the passwords impossible and makes an automated search through the database very difficult.
In general, I am very pleased with this attitude towards their users. The team did not hide the incident, despite the low probability of user passwords being compromised and the considerable time that had elapsed since the leak. Just in case, change your passwords and update your security settings in other accounts if you registered them with the same data.
Text of the original letter:
Dear Forum Users,
An interview with the cdprojektred.com forum was taken in March 2016.
GOG.com accounts for login purposes. These accounts are additionally protected by two-step authentication. The forum engine has also been upgraded since it was installed.
It is our understanding that the database has been signed and that it hashed and “salted.” It is this “salted hash” of the password, it has been accessed. Your passwords were not stored in plain text, therefore they were not directly accessible by anyone.
It was not necessary to connect your account. However, it is still advisable to change it. The same password across multiple services.
In the future, we’ve seen an attempt to complete the external security tests.
We would like to deeply apologize to everyone affected.