The popular data breach reporting site, Have I been pwned?, has announced a few more breaches that specifically affect gamers. The sites in question include CD Projekt RED — developer of the popular The Witcher series, Xbox 360 ISO, and PSP ISO. The combined hack has resulted in over 4.4 million gamer accounts breached in total.
New breach: The CD Projekt RED forum had 1.9m accounts exposed in 2016. 67% were already in @haveibeenpwned https://t.co/LGaAniJH32
— Have I been pwned? (@haveibeenpwned) January 31, 2017
New breach: The PSP ISO forum had 1.3m accounts exposed in 2015. 68% were already in @haveibeenpwned https://t.co/LGaAniJH32
— Have I been pwned? (@haveibeenpwned) January 29, 2017
New breach: The Xbox 360 ISO forum had 1.3m accounts exposed in 2015. 71% were already in @haveibeenpwned https://t.co/LGaAniJH32
— Have I been pwned? (@haveibeenpwned) January 29, 2017
What’s more troubling about these hacks is that they aren’t new and are just now coming to light. According to the tweets and further information on the Have I been pwned? website, the Xbox 360 ISO and PSP ISO forums were hacked back in September of 2015, while the CD Projekt RED forums were breached in March 2016.
CD Projekt RED
In March 2016, Polish game developer CD Projekt RED suffered a data breach. The hack of their forum led to the exposure of almost 1.9 million accounts along with usernames, email addresses and salted SHA1 passwords.
Compromised data: Email addresses, Passwords, Usernames
PSP ISO
In approximately September 2015, the PlayStation PSP forum known as PSP ISO was hacked and almost 1.3 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
Xbox 360 ISO
In approximately September 2015, the XBOX 360 forum known as XBOX360 ISO was hacked and 1.2 million accounts were exposed. Along with email and IP addresses, the vBulletin forum also exposed salted MD5 password hashes.
Compromised data: Email addresses, IP addresses, Passwords, Usernames
CD Projekt RED first posted in their forums about the possible breach in December and confirmed yesterday that the breach had indeed occurred. If you have, or had, an account on any of these forums, we urge you to change your password as soon as possible. In addition, you should change any other logins that use the same email address and password combination. Unfortunately, due to the time delay between when the breaches took place and were reported, there’s no telling what that information may have been used for.
You can check to see if your account has been compromised on the Have I been pwned? website. If you’re wondering if that site is safe, it has been around for a few years and was created and is run by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security.
Were you one of the many gamers affected by these forum hacks? Let us know in the comments below or on Google+, Twitter, or Facebook.
[button link=”https://haveibeenpwned.com/PwnedWebsites” icon=”fa-external-link” side=”left” target=”blank” color=”285b5e” textcolor=”ffffff”]Source: Have I been pwned?[/button][button link=”http://forums.cdprojektred.com/forum/en/the-witcher-series/news-aa/7248610-important-unauthorized-access-to-the-forums%E2%80%99-data” icon=”fa-external-link” side=”left” target=”blank” color=”285b5e” textcolor=”ffffff”]Source: CD Projekt RED[/button]