Doesn't 2fa mean when they hack the email account they get access to everything instead?

Brilliant banks making security worse. Safety schemes like that should be standard.
There is less and less reasons to use them these days.

Imma hearing DA SORZ?? Linux portz plzzzz

Hahaha. Again, on subjects to which you are completely ignorant, stay quiet.

I wonder what security loop hole have the hacker used.

But my account should be secured, if there is an failed log in attempt I will change my password tho.

Probably had a hex matrix guarding the intranet

55 E9 7A 1C BD BD
E9 7A 1C E9 55 55
E9 55 BD 1C E9 1C
E9 E9 1C 55 E9 BD
7A E9 BD E9 7A 1C

Having people's details out there is a big issue, it's not something that should be seen as anything but a crime, be it weaponized for any level of gain or not.

Uh oh! That's not good news. Password changed.

From what I read, it seems the attacker stole the source code to Witcher 3 and Cyberpunk as well.

Not with a proper implementation. It would imply possession; ignoring the email based method entirely.

Well this sucks after everything over the last few months and now thus CDPR cant get a break. I do hope they can track the person(s) who did this.

Due to GDPR CD Project Red could also be fined for this breach which could amount to a hefty fine.

This. This is coming from someone who works on web services for a living.

Where I live, the Desjardins financial group (almost an institutional player in banking here) go an info leak (the banking info, phone number, SIN... the works, for 4.2 millions users which is roughly half the population of my province). In this incident, the flaw was human, not technical, but you have that to consider as well.

Some big almost institutional players (ex: AWS, Digital Ocean, etc) take security very seriously. Among the small and medium-sized companies, its a total joke (I've been around, in a lot of places I've been, I was either the most or among the most security-minded developers in the place and I'm not a security specialist... security is one, admittedly the most important one, concern among many that I have to take into consideration).

Whatever personal info they require beyond what they strictly need to operate is sheer irresponsibility on their part. If anybody serious wants their data, they will be hard-pressed to keep it secure. Don't assume you'll have privacy or security for most things on the internet. Always make the mental calculus of the worse thing that could happen if the info you give is compromised. I use a credit card online solely because of the insurance... the day someone will use my credit card info illegaly, I'll be reimbursed.

Seriously, the European Union had the right idea when they enacted laws to give end-users more control over their data. The majority of corporations really don't care. They'll take as much info from you as they can, sell it, have it leaked, whatever.

Lol! I heard the hacker is planning to sue CDPR for wasting their bandwidth ... XD

Now that's punk.

Remember the CRA leak and hack? you know who got bitten by that? yup yours truly.

CDPR just can't catch a break.