Hackers claim to have stolen sensitive employee information
Chris De Hoog |
Feb 9, 2021
Cyberpunk 2077 developer CD Projekt Red is the victim of “a targeted cyber attack,” which allegedly compromised employees’ personal information and the source code for their biggest games.
The Polish studio became aware of the situation Monday when their servers were encrypted. According to a statement released on their social media this morning, they have begun restoring their system via backups, and are working with the authorities and IT forensic specialists to investigate the attack.
In the ransom note, which CD Projekt Red also released, the perpetrator claimed to have stolen full copies of the source code for Cyberpunk 2077, The Witcher 3, an unreleased version of The Witcher 3, and Gwent. They also claimed to have “dumped all of your documents relating to accounting, administration, legal, HR, investor relations, and more”—though the personal information of players was not included, to the studio’s best knowledge.
“Your have been EPICALLY pwned!!” The perpetrator bragged (sic), before threatening to release the documents and sell the code if an agreement is not reached within 48 hours. Their expressed intent is to further shake investors’ trust in the studio, and drive its stock lower.
“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” CD Projekt Red declared in its statement. “We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.”
Capcom was hit by a similar attack last fall, with internal financial and HR information compromised. However, they were able to verify that customer credit card information was not included, as they use a third-party to handle such data. Nintendo has had a veritable heap of beta source code stolen from its vaults in recent years as well, including the long-lost demo version of Pokémon Gold & Silver, and other unannounced projects. CD Projekt Red may have its stolen information fall into the public eye in the same fashion.