Polish game development studio CD Projekt RED has had more than 1.8 million user credentials stolen from its online forum, according to data breach notification website 'Have I Been Pwned?'.
The studio, which is famous for developing the highly successful Witcher franchise, was breached in March 2016 when hackers targeted its online forum, leading to a leak of usernames, passwords and email addresses.
Those signed up to notifications through Have I Been Pwned? were alerted to the breach by email this morning, with users recommended to change their passwords "immediately".
"Whilst the breach occurred in March 2016, sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly," the message stated, in an email seen by IT Pro. "Have I Been Pwned? will always attempt to alert you ASAP, it's just a question of how readily available the data is."
According to the site's creator, security researcher Troy Hunt, a total of 8,110 individual subscribers received breach alerts, considered a high rate for notifications.
The forum, which is hosted on CD Projekt RED's main website, acts as a news and discussions hub, providing users with gameplay advice and technical support.
The sheer number of affected accounts represents one of the most significant data breaches to have affected a gaming community. Hackers also targeted development studio Epic Games in August 2016, when 800,000 account details were stolen from its gaming forums, although that number is now dwarfed by the latest breach.
E-sports organiser ESEA, which coordinates events for the massively popular Counter Strike, also suffered from a botched ransomware attack in December, which ultimately led to 1.5 million accounts being leaked online as a result.
IT Pro has approached CD Projekt RED for comment but did not receive a reply in time for publication. We will update this story when we hear more.
Main image credit: Thomas McMullan
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolenCapita told the pension provider to “work on the assumption” that data had been stolen
-
Gumtree site code made personal data of users and sellers publicly accessibleNews Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbersNews Former and current staff at California Pizza Kitchen potentially burned by hackers
-
83% of critical infrastructure companies have experienced breaches in the last three yearsNews Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring serviceNews New monitoring solution adds to the firm’s flagship RapidIdentity platform
-
Neiman Marcus data breach hits 4.6 million customersNews The breach took place last year, but details have only now come to light
-
Indiana notifies 750,000 after COVID-19 tracing data accessedNews The state is following up to ensure no information was transferred to bad actors
-
Pearson fined $1 million for downplaying severity of 2018 breachNews The SEC found the London-based firm made “misleading statements and omissions” about the intrusion
