Tuesday, February 9th 2021

CD Projekt RED Hacked, Attacker Claims to Have "Cyberpunk 2077" and "The Witcher 3" Source Code

CD Projekt RED just announced that it has been hit by a cyber-attack on its internal network, with the attacker having gained access to certain sensitive information belonging to the CD Projekt group. In a press note posted to Twitter, the studio included the screenshot to a plain-text ransom note left on its servers by the attacker, who claims to possess source-code of the company's most popular titles, including "Cyberpunk 2077," "The Witcher 3: Wild Hunt," "Gwent," and an unreleased version of "The Witcher 3" (possibly a remaster). They also claim to have confidential documents related to CDPR's financial accounting, administration, legal, HR, IR, and more. The note ends with information on how to reach out to the attacker to discuss ransom within 48 hours. CDPR announced that it will not give into the demands of the attacker, and has reached out to law enforcement.
Source: CD Projekt RED (Twitter)
Add your own comment

75 Comments on CD Projekt RED Hacked, Attacker Claims to Have "Cyberpunk 2077" and "The Witcher 3" Source Code

#2
Vayra86
What a world we live in :D
Posted on Reply
#3
ratirt
The world is collapsing.
Posted on Reply
#4
ZoneDymo
honestly that notepad message is pretty hilarious
Posted on Reply
#5
thegnome
Honestly, not suprising with how dissapointing the 2077 launch went. Someone's bound to go overboard, inside or outside, to hack them.
Posted on Reply
#6
Tsukiyomi91
definitely an inside job. Not to say it's not a surprise but I don't think anyone outside of the company would do this for free or has the know-how of where the sensitive files are located.
Posted on Reply
#7
DeathtoGnomes
Caring1
Inside job.
Disgruntled Employee

:rolleyes:
Posted on Reply
#8
the54thvoid
DeathtoGnomes
Disgruntled Employee

:rolleyes:
The ones most easily caught.
Posted on Reply
#9
AsRock
TPU addict
the54thvoid
The ones most easily caught.
Aye it's like did the wife do it when the husband goes missing or visa versa just to make everyone happy HAHAHA.
Posted on Reply
#10
Max(IT)
Good ! Now maybe someone could fix that mess :D
Posted on Reply
#11
Verpal
Our contacts in gaming journalism
Well at least we know there are good chance the assailant doesn't speaks English natively.
Posted on Reply
#12
W1zzard
Max(IT)
Good ! Now maybe someone could fix that mess :D
What I wanted to post
Posted on Reply
#13
1d10t
Maybe it's just angry costumer whom had nonrefundable physical disc.
Posted on Reply
#14
Valantar
thegnome
Honestly, not suprising with how dissapointing the 2077 launch went. Someone's bound to go overboard, inside or outside, to hack them.
Perhaps not surprising, but it's pretty damn depressing that an expected response to "someone made a game with lots of bugs" is "someone broke into their servers, stole all their files, and is now blackmailing them". The internet version of justice is very, very messed up.
Posted on Reply
#15
Dredi
Finally proper modding tools!
Posted on Reply
#16
BSim500
Valantar
Perhaps not surprising, but it's pretty damn depressing that an expected response to "someone made a game with lots of bugs" is "someone broke into their servers, stole all their files, and is now blackmailing them".
Well, attempted blackmail. It's bad they got hacked but +1 to CDPR for actually having functional offline backups and not paying a ransom. If everyone did this, this dumb Bitcoin ransomware problem would be solved already. (And yeah, looking at what the modding community has done with many other games, aside from bug fixing they might even finish off the missing AI code, add a Linux port, etc...) :D
Posted on Reply
#17
Chomiq
Heh, someone from our company just announced they will be planning a security audit.
Posted on Reply
#18
Night
Valantar
Perhaps not surprising, but it's pretty damn depressing that an expected response to "someone made a game with lots of bugs" is "someone broke into their servers, stole all their files, and is now blackmailing them". The internet version of justice is very, very messed up.
Wasn't the game postponed 2 times in order to be "polished"? Then they release that. IMO this wouldn't have happened if the game wasn't that hyped from the start, there wouldn't be so many mixed feelings. This is basically a great example why I never pre-order anything. Though, I think this is an inside job.
BSim500
Well, attempted blackmail. It's bad they got hacked but +1 to CDPR for actually having functional offline backups and not paying a ransom.
They'd still have to pay the ransom for the game source codes not getting to the public, and there's always no guarantee.
Posted on Reply
#19
Valantar
BSim500
Well, attempted blackmail. It's bad they got hacked but +1 to CDPR for actually having functional offline backups and not paying a ransom. If everyone did this, this dumb Bitcoin ransomware problem would be solved already. (And yeah, looking at what the modding community has done with many other games, aside from bug fixing they might even finish off the missing AI code, add a Linux port, etc...) :D
Sorry, but what is "attempted blackmail"? The crime is already fully committed once the threat of "pay us or we do X" is presented. Whether or not the target acquiesces is irrelevant.

But yeah, it does show how crucial secure offline backups are. Not having them is just gambling that nobody will find a reason to attack you, which ... well, given how flimsy that reasoning is shown to be time and time again, is a really poor wager.
Night
Wasn't the game postponed 2 times in order to be "polished"? Then they release that. IMO this wouldn't have happened if the game wasn't that hyped from the start, there wouldn't be so many mixed feelings. This is basically a great example why I never pre-order anything. Though, I think this is an inside job.
Are you joking? Again, this is what you are arguing is somehow reasonable.
Problem: Someone released a buggy game.
"Solution": Hack and blackmail them.

Whether or not the game was postponed for fixes is entirely irrelevant to how absurd this reasoning is.

Is CDPR alone responsible for the hype? Obviously not - rabid TW3 fans are clearly just as guilty. And "mixed feelings"? If you have mixed feelings towards someone, do you go over to their house and steal their things? This is precisely the kind of absurd logic I was pointing out.

I mean, it's pretty absurd that I apparently have to say this, but: Making a bad game is not a crime, nor anything worthy of any type of punishment. That obviously doesn't mean they deserve our time, money or sympathy either. Ignoring them and moving on (until they fix the game) is the only reasonable response. I get being excited and hyped for something new to come along, but if your reaction to those expectations not being met is to think "blackmail is kinda reasonable", then you've gone way, way off the deep end.
Posted on Reply
#20
Caring1
Should have posted the hackers contact details so people can PWN them.
Posted on Reply
#21
bug
Perforce, that's a blast from the past... It partly explains the dev difficulties over there.
Posted on Reply
#22
kapone32
thegnome
Honestly, not suprising with how dissapointing the 2077 launch went. Someone's bound to go overboard, inside or outside, to hack them.
That is an interesting opinion.
Posted on Reply
#24
Night
Valantar
Problem: Someone released a buggy game.
"Solution": Hack and blackmail them.

Whether or not the game was postponed for fixes is entirely irrelevant to how absurd this reasoning is.
It's clear that the motive in the text file is big unsatisfaction with the game/company which most likely caused this, at no point did I say that's alright to do. Hatred can be a better motivator than money in my opinion.
Posted on Reply
#25
Chomiq
Night
It's clear that the motive in the text file is big unsatisfaction with the game/company which most likely caused this, at no point did I say that's alright to do. Hatred can be a better motivator than money in my opinion.
You've got to be really naive to believe that their motive is anything other than to make money.
Posted on Reply
Add your own comment