CD Projekt Red has been the victim of a hacker who threatens to distribute confidential data if he does not get a ransom. The studio took the lead in denouncing this blackmail on Twitter. No personal data would have been stolen.
They were only missing that. CD Projekt, already singled out for the catastrophic release of Cyberpunk 2077, is the victim of a massive data breach. The responsible hacker threatens to divulge everything if the studio does not pay a ransom within 48 hours. It should be noted, however, that no personal player data is affected, according to CD Projekt. It’s already that.
Read also – Cyberpunk 2077: the PS5 and Xbox Series X versions will not be released before the end of 2021
CD Projekt Red does not intend to give in to blackmail and has decided to take the lead. On Twitter, the studio publishes the hacker’s message. The latter claims to have got his hands on the source codes of Cyberpunk 2077, Gwent, The Witcher 3, or a still unsuccessful version of the latter (probably the next-gen version). He also prides himself on having in his possession various sensitive administrative documents that it will disclose to those concerned if the ransom is not paid, and CD Projekt has already announced that it will not.
In addition to the pirate’s message, CD Projekt publishes a press release summarizing this story and declaring his intention not to give in to blackmail:
Yesterday, we discovered that we have been the victim of a targeted cyber attack and that the security of some of our internal systems has been compromised.
An unidentified hacker entered our internal system without our permission, collected data belonging to the CD Projekt group, and left a ransom note, which we are making public. While some of our devices have been encrypted in our internal network, our backups remain intact. We have already secured our infrastructure and started restoring this data.
We are not going to give in to this demand, nor negotiate with the hacker, and we are aware that this could potentially lead to the release of compromising data. We are taking the necessary measures to mitigate the consequences of such dissemination, especially notifying parties who may be affected by this attack.
We are still investigating the incident, but we can say at this time that – as far as we know – the compromised data does not contain any personal data of our players or users of our services.
We have notified the relevant authorities, such as the Polish Office for Personal Data Protection and specialized IT investigators, and we will cooperate with them to shed light on this incident.
Another blow for the Polish studio
Such an attack is not new to the video game world, but it comes at the worst time for CD Projekt. As a reminder, the studio (which also owns the GOG platform) released its last game two months ago: Cyberpunk 2077. A title singled out for its lack of finish and which highlighted a risky management during Development.
If CD Projekt says that no personal data has been compromised, we cannot advise you to be very careful and change your GOG password anyway. We never know. The identity of the hacker is not known, however, some Twitter users have noticed very British expressions in the message left by him, betraying his origin.
A blow for CD Projekt, whose employees are already under pressure. The developers are indeed working hard to improve the state of Cyberpunk 2077, which still needs to be improved. This hacking story should not compromise their work, as backups have been made, but no doubt it will not help create a good atmosphere in the offices.