Over 4.4 million gamer accounts breached on CD Projekt RED, Xbox 360 ISO, and PSP ISO forums

Gaming / PC / PlayStation / Security / Tech / Xbox
CD-Projekt-RED-gamer-accounts-breached

What’s more troubling about these hacks is that they aren’t new and occurred in September 2015 and March 2016.

The popular data breach reporting site, Have I been pwned?, has announced a few more breaches that specifically affect gamers. The sites in question include CD Projekt RED — developer of the popular The Witcher series, Xbox 360 ISO, and PSP ISO. The combined hack has resulted in over 4.4 million gamer accounts breached in total.

What’s more troubling about these hacks is that they aren’t new and are just now coming to light. According to the tweets and further information on the Have I been pwned? website, the Xbox 360 ISO and PSP ISO forums were hacked back in September of 2015, while the CD Projekt RED forums were breached in March 2016.

CD Projekt RED

In March 2016, Polish game developer CD Projekt RED suffered a data breach. The hack of their forum led to the exposure of almost 1.9 million accounts along with usernames, email addresses and salted SHA1 passwords.

Compromised data: Email addresses, Passwords, Usernames

PSP ISO

In approximately September 2015, the PlayStation PSP forum known as PSP ISO was hacked and almost 1.3 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

Xbox 360 ISO

In approximately September 2015, the XBOX 360 forum known as XBOX360 ISO was hacked and 1.2 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.

Compromised data: Email addresses, IP addresses, Passwords, Usernames

CD Projekt RED first posted in their forums about the possible breach in December and confirmed yesterday that the breach had indeed occurred. If you have, or had, an account on any of these forums, we urge you to change your password as soon as possible. In addition, you should change any other logins that use the same email address and password combination. Unfortunately, due to the time delay between when the breaches took place and were reported, there’s no telling what that information may have been used for.

You can check to see if your account has been compromised on the Have I been pwned? website. If you’re wondering if that site is safe, it has been around for a few years and was created and is run by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security.

Were you one of the many gamers affected by these forum hacks? Let us know in the comments below or on Google+, Twitter, or Facebook.

  Source: Have I been pwned?  Source: CD Projekt RED

Comments
To Top