Polish game development studio CD Projekt RED has had more than 1.8 million user credentials stolen from its online forum, according to data breach notification website 'Have I Been Pwned?'.

The studio, which is famous for developing the highly successful Witcher franchise, was breached in March 2016 when hackers targeted its online forum, leading to a leak of usernames, passwords and email addresses.

Those signed up to notifications through Have I Been Pwned? were alerted to the breach by email this morning, with users recommended to change their passwords "immediately".

"Whilst the breach occurred in March 2016, sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly," the message stated, in an email seen by IT Pro. "Have I Been Pwned? will always attempt to alert you ASAP, it's just a question of how readily available the data is."

According to the site's creator, security researcher Troy Hunt, a total of 8,110 individual subscribers received breach alerts, considered a high rate for notifications.

New breach: The CD Projekt RED forum had 1.9m accounts exposed in 2016. 67% were already in @haveibeenpwned https://t.co/LGaAniJH32 — Have I Been Pwned (@haveibeenpwned) January 31, 2017

The forum, which is hosted on CD Projekt RED's main website, acts as a news and discussions hub, providing users with gameplay advice and technical support.