PackAPunchedMick
Member
What the fuck.
Good job!
Good job!
-
Hey Guest. Check out your NeoGAF Wrapped 2025 results here!
Witcher 3 dev forums hacked, 1.8 million accounts stolen
- Thread starter boskee
- Start date
zeorhymer
Member
The goal of hacking a major corporation is to keep collecting current data. They want to be as invisible as possible. It could be the case the CDPR did not know that their data has been compromised and just found about it recently. It's no brainer that having current information fetches a lot more money.
Leatherface
Member
phew. dodged a bullet with this one.
I got hit. That was signing up to their forums to report unaddressed bugs in TW3 that prevented me from progressing for a couple weeks.
Merged with my GOG account and change password, turned on two-step. Already have my Gmail password changed since then and have two step to phone.
Merged with my GOG account and change password, turned on two-step. Already have my Gmail password changed since then and have two step to phone.
keraj37
Contacted PSN to add his card back to his account
Don't worry that much. Passwords were hashed, and cracking one takes ages on even powerful CPU.
Yes!
Audioboxer
Member
This is often how people get things like their PSN accounts accessed.
GuitarGuruu
Member
Damn, almost a year going undetected.
It's says on the forum it's a salted md5 hash which is not encryption at all (its a hashing alg) and is not really secure enough at all.
I'll give them a break because it's evidently from an old database before they switched to the gog.com based system but these companies need to do better. MD5 is just not good enough.
http://forums.cdprojektred.com/forum/en/the-witcher-series/news-aa/7248610-important-unauthorized-access-to-the-forums-data
I'll give them a break because it's evidently from an old database before they switched to the gog.com based system but these companies need to do better. MD5 is just not good enough.
http://forums.cdprojektred.com/forum/en/the-witcher-series/news-aa/7248610-important-unauthorized-access-to-the-forums-data
FunkyPajamas
Member
I don't have a CDPR account but I have GOG account. Should I be worried? I don't have CC data in there though. Does GOG have 2FA? Edit: it does and I have it. Good. I'm changing my password anyway.
Audioboxer
Member
When a personal doubt surfaces, always the answer. Plus, everyone should have unique passwords for EVERYTHING.
Weltall Zero
Member
As long as it's just salted passwords, there's not much issue. Reading the thread title I thought they were storing plain passwords which unforgivable as it is, some companies still do.
The real news for me is that their forums have 1.8 million accounts. That's a damn lot.
The real news for me is that their forums have 1.8 million accounts. That's a damn lot.
Cheers, updated op to correct hashing algorithm used.
Also, I don't think anyone (or at least me) is trying to be tough on CDPR. Shit happens, but it's important to warn users that their info has leaked.
Wolf Akela
Member
Uh wow yikes. So all they need to do is figure out what or how the salt was generated. Break one and you break them all.
Makoto-Yuki
Banned
Oh no my email has appeared on that site. Luckily i had 2FA on! Just changed my password anyway incase.
Salt is different for each user, but it is also stored in the Database.