x

You have decided to merge your account with the GOG.com.

You can now start participating in the community discussions.

x

You chose to opt out from the merge process.
Please note that you will not be able to access your account until you opt in.

We strongly encourage you to merge your RED account with the GOG.com one.
If you want to do it later please try logging in again.

  • Register

Announcement

Collapse
No announcement yet.

IMPORTANT: Unauthorized access to the forums’ data

Collapse
This topic is closed.
X
This is a sticky topic.
X
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • IMPORTANT: Unauthorized access to the forums’ data

    Dear users,


    It has come to our attention that the now-obsolete cdprojektred.com forum database might have been accessed and copied from our server by an unauthorized party sometime in March 2016. It’s the old database we used to run the forum before we migrated to the login system powered by our sister company -- GOG.com.


    While we have no concrete evidence at this point in time that supports saying this actually took place, acting with the community’s best interest in mind, we still want you to be aware of the situation.


    If any passwords had been downloaded, they would have also been encrypted. However, we strongly encourage every user to change their password as a precautionary measure.


    We are sorry for the inconvenience this might have caused.


    The IT Team

  • #2
    Dear forum users,


    Upon examining the data at our disposal, we can conclude that an unauthorized party gained access to the old forum database.

    At the time of the event, the database was not in active use, as forum members had been asked to create better-secured GOG.com accounts almost a year earlier. The forum engine has also been upgraded since then to the newest and most secure version, fixing the exploit that allowed said access.

    It is our understanding that the obsolete forum database contained usernames, email addresses and salted MD5 passwords (MD5 is an encryption algorithm we used to encrypt your data). This means your old passwords were secured and not directly accessible by anyone.

    However, it is still a best practice to ask users to change their passwords. Since the event, we’ve conducted additional external security tests and we will double our efforts to ensure such situations don’t occur in the future.

    In the following days, we will send out emails to affected users notifying them about the situation.

    We would like to deeply apologize everyone affected.

    Comment

    Working...
    X