IMPORTANT: Unauthorized access to the forums’ data

[IT_Team]

IMPORTANT: Unauthorized access to the forums’ data

Dear users,


It has come to our attention that the now-obsolete cdprojektred.com forum database might have been accessed and copied from our server by an unauthorized party sometime in March 2016. It’s the old database we used to run the forum before we migrated to the login system powered by our sister company -- GOG.com.


While we have no concrete evidence at this point in time that supports saying this actually took place, acting with the community’s best interest in mind, we still want you to be aware of the situation.


If any passwords had been downloaded, they would have also been encrypted. However, we strongly encourage every user to change their password as a precautionary measure.


We are sorry for the inconvenience this might have caused.


The IT Team

 

[IT_Team]

Dear forum users,


Upon examining the data at our disposal, we can conclude that an unauthorized party gained access to the old forum database.

At the time of the event, the database was not in active use, as forum members had been asked to create better-secured GOG.com accounts almost a year earlier. The forum engine has also been upgraded since then to the newest and most secure version, fixing the exploit that allowed said access.

It is our understanding that the obsolete forum database contained usernames, email addresses and salted MD5 passwords (MD5 is an encryption algorithm we used to encrypt your data). This means your old passwords were secured and not directly accessible by anyone.

However, it is still a best practice to ask users to change their passwords. Since the event, we’ve conducted additional external security tests and we will double our efforts to ensure such situations don’t occur in the future.

In the following days, we will send out emails to affected users notifying them about the situation.

We would like to deeply apologize everyone affected.