As it turns out, the game developer posted about the breach on its forums in mid-December. It touched on many of the details back then, including the encrypted passwords and that it's a "now-obsolete" database. However, the info stayed tucked away in the company's official The Witcher news sub-forum, where not many people are likely to go (let alone pay attention to security issues). Even a follow-up complaint on January 31st of this year got moved to a technical support forum where it's unlikely to be seen. Users are wondering: why didn't CD Projekt Red email everyone, even if didn't think the breach was serious?

We've asked the company for comment and will let you know if it has something to add. With that said, it's clear that there's some room for improvement. Forum hacks certainly aren't unheard of, but it shouldn't take several months to put up a forum post, let alone 10 months for most users to find out. If the passwords hadn't been secure, the damage could have been extensive.