CD Projekt RED, the makers of The Witcher, are warning that unknown naughty people gained access to an old forum database of theirs in March 2016. RED say passwords were stored in a way that should keep them obscured but do say, just to be safe, that if you used that same password on other sites you should probably change it. (You know better than to reuse passwords, don’t you?)
I myself didn’t know I’d even registered for their forums — I couldn’t tell you when or why — so perhaps you did it yonks ago yourself. Be warned!
If you’re not using secure single-use passwords, please save yourself worry over warnings like this by using random passwords with a password manager like KeePass or LastPass.
RED mentioned in December that the old forum may have been compromised, saying they had no evidence yet but would investigate. This week they posted an update confirming it, and overnight sent e-mails to affected users. The forum post explains:
“At the time of the event, the database was not in active use, as forum members had been asked to create better-secured GOG.com accounts almost a year earlier. The forum engine has also been upgraded since then to the newest and most secure version, fixing the exploit that allowed said access.
“It is our understanding that the obsolete forum database contained usernames, email addresses and salted MD5 passwords (MD5 is an encryption algorithm we used to encrypt your data). This means your old passwords were secured and not directly accessible by anyone.
“However, it is still a best practice to ask users to change their passwords. Since the event, we’ve conducted additional external security tests and we will double our efforts to ensure such situations don’t occur in the future.”
RED sent a variant of this message in e-mails to registered forumeers, waking me up by binging my phone on this grim Saturday morning. The fungoid beside me jerked awake, hissing and ejecting empty whisky bottles from its black velveteen mass.
“What?” I murmured, fishing my phone out from a glob then staring confused at the e-mail. “When did…? Did I…? I’d better write this on RPS. Oh sure, it’s the weekend, but you can say ‘Hex the planet!’ and you know that’s just broken enough to delight you.”
Though my feet are shredded from stumbling across those broken bottles and fungal spores already bloom in the wounds, I’d say yes, “hex the planet” was totally worth it.