Hack at forum CD Projekt RED hit 1.9 million accounts – update

A data breach at Polish video game developer CD Projekt RED has left 1.9 million accounts out of business. Those accounts include usernames, email addresses, and hashed and salted passwords.

HaveIBeenPwned.com fixes the leak today known on Twitter and immediately commented that 67 percent of the accounts could already be found in other databases on the site. The administrators of the website are probably referring specifically to the e-mail addresses. Users affected by the data breach would do well to change their passwords and to do so on all sites where they use the same password.

CD Projekt RED, the developer of the well-known Witcher games, announced late last year that an old forum database “may have been opened and copied by a third party that should not have access.” It now appears that this has indeed happened. It is not known exactly how old the database is.

Update, 1-2: CD Project RED has said in a statement that it is aware of the leak and that it is an old forum database. Contrary to what HaveIBeenPwned wrote, the developer says the passwords were hashed with md5 and not with sha-1.