Dear Forum Users,
Recently it has come to our attention that an obsolete
cdprojektred.com forum database was accessed by an unauthorized party sometime in March 2016.
At the time of the event, the database was not in active use, as almost a year earlier forum members had been asked to create secure GOG.com accounts for login purposes. These accounts are additionally protected by two-step authentication. The forum engine has also been upgraded since then to the newest and most secure version, fixing the vulnerability that allowed said access.
It is our understanding that the obsolete forum database contained usernames, email addresses and passwords that were hashed and “salted.” Salting is a common practice that involves adding random characters to the password when hashing to increase security. It is this, a “salted hash” of a password, that was stored in the database and that was accessed. Your passwords were not stored in plain text, hence they were not directly accessible by anyone.
However, in circumstances such as this, it is still advisable for users to change their account passwords. You can set your new password
here.
Since the event, we’ve conducted additional external security tests, and we will double our efforts to ensure such situations don’t occur in the future.
We would like to deeply apologize to everyone affected.
CD PROJEKT RED Forum Staff