News in brief: Witcher user details stolen; email chain generated 500m messages; Russians face treason charges

Your daily round-up of some of the other security stories in the news

Nearly 2m records stolen from The Witcher forum

Close to 2m user credentials have been stolen from the Witcher game developers’ forum, according to breach notification website Have I Been Pwnd.

The leak of 1.8m records from the forum, run by the game’s developer CD Projeckt RED, apparently happened in March last year, according to IT Pro, quoting emails sent to users via Have I Been Pwnd, but, as HIBP owner Troy Hunt points out, “sometimes there can be a lengthy lead time of months or even years before the data is disclosed publicly”.

If you’re a member of that forum, our advice, as ever, is to change your password – and now would be a good time to review our advice on how to choose a good password.

Reply-all chain sent out 500m emails in 75 minutes

A wrongly configured distribution list was to blame for the reply-all email chain that saw half a billion emails being sent across the NHS’s network in just 75 minutes in November, almost bringing the network to its knees, according to a report into the incident seen by The Register.

The unwitting starter of the chain was a local admin who thought they were sending a test email to a restricted group they had just set up – but the misconfiguration meant that without their knowledge, emails sent to the group actually went to the NHS’s “AllEngland” group of more than 1m users.

The trouble started when irritated users hit “reply all” to ask to be taken off the distribution list, slowing the network to a crawl. The moral of the story? Don’t hit reply-all unless you’re absolutely sure your reply does actually need to go to everyone.

Russian cybersecurity officials face treason charges

Two of Russia’s top cybersecurity officials have been arrested in Moscow accused of co-operating with the CIA, according to a Russian news report. The two men, Sergei Mihailov, deputy head of the FSB’s Centre for Information Security, and his deputy, Dmitry Dokuchayev, both face charges of treason, said Interfax, the Russian news agency.

Their arrest follows that of Ruslan Stoyanov of Kaspersky’s computer incidents investigations unit in December, although his arrest is apparently not linked to his work with the company.

It’s unclear from the murk surrounding this ongoing scandal if the arrests are connected to the widespread belief that the US election was influenced by alleged Russian hacking, although Kremlin-watchers have suggested that the arrests could be part of a purge connected to the attacks on the US election.

Catch up with all of today’s stories on Naked Security