It came with this message.
Dear Forum Users,
Recently it has come to our attention that an obsolete cdprojektred.com forum database was accessed by an unauthorized party sometime in March 2016.
At the time of the event, the database was not in active use, as almost a year earlier forum members had been asked to create secure GOG.com accounts for login purposes. These accounts are additionally protected by two-step authentication. The forum engine has also been upgraded since then to the newest and most secure version, fixing the vulnerability that allowed said access.
It is our understanding that the obsolete forum database contained usernames, email addresses and passwords that were hashed and “salted.” Salting is a common practice that involves adding random characters to the password when hashing to increase security. It is this, a “salted hash” of a password, that was stored in the database and that was accessed. Your passwords were not stored in plain text, hence they were not directly accessible by anyone.
However, in circumstances such as this, it is still advisable for users to change their account passwords. You can set your new password here.
Since the event, we’ve conducted additional external security tests, and we will double our efforts to ensure such situations don’t occur in the future.
We would like to deeply apologize to everyone affected.
CD PROJEKT RED Forum Staff
Dear Forum Users,
Recently it has come to our attention that an obsolete cdprojektred.com forum database was accessed by an unauthorized party sometime in March 2016.
At the time of the event, the database was not in active use, as almost a year earlier forum members had been asked to create secure GOG.com accounts for login purposes. These accounts are additionally protected by two-step authentication. The forum engine has also been upgraded since then to the newest and most secure version, fixing the vulnerability that allowed said access.
It is our understanding that the obsolete forum database contained usernames, email addresses and passwords that were hashed and “salted.” Salting is a common practice that involves adding random characters to the password when hashing to increase security. It is this, a “salted hash” of a password, that was stored in the database and that was accessed. Your passwords were not stored in plain text, hence they were not directly accessible by anyone.
However, in circumstances such as this, it is still advisable for users to change their account passwords. You can set your new password here.
Since the event, we’ve conducted additional external security tests, and we will double our efforts to ensure such situations don’t occur in the future.
We would like to deeply apologize to everyone affected.
CD PROJEKT RED Forum Staff
I'm confused about this passage which I received in my email: "Since you did not connect your account with the GOG.com-powered login system, your account was not migrated to the new forum and no action is required on your end. However, if you used your old forum password for any other services, it is still advisable to change it. We also suggest you never use the same password across multiple services."
I log in through GoG?
I log in through GoG?
