The old, obsolete CD Projekt Red forum has been hacked and users' email addresses, usernames and encrypted passwords stolen.
Data breach site Have I been Pwned? put the number of compromised accounts at 1.9m.
"Upon examining the data at our disposal, we can conclude that an unauthorised party gained access to the old forum database," a message by the IT_Team account read.
"At the time of the event, the database was not in active use, as forum members had been asked to create better-secured GOG.com accounts almost a year earlier. The forum engine has also been upgraded since then to the newest and most secure version, fixing the exploit that allowed said access.
"It is our understanding that the obsolete forum database contained usernames, email addresses and salted MD5 passwords (MD5 is an encryption algorithm we used to encrypt your data). This means your old passwords were secured and not directly accessible by anyone.
"However," the post added, "it is still a best practice to ask users to change their passwords. Since the event, we've conducted additional external security tests and we will double our efforts to ensure such situations don't occur in the future.
"In the following days, we will send out emails to affected users notifying them about the situation.
"We would like to deeply apologise everyone affected."
Elsewhere in Witcher-related goings on, I recently tracked down the voice actor who's played Geralt in all three Witcher games. Well worth a read if I don't say so myself.