CD Projekt Red Hacked, Source Code Held Ransom

Hackers claim to have stolen sensitive employee information

Chris de Hoog
Chris de Hoog | February 9, 2021
CD Projekt Red Delays Cyberpunk 2077 Once Again

Cyberpunk 2077 developer CD Projekt Red is the victim of “a targeted cyber attack,” which allegedly compromised employees’ personal information and the source code for their biggest games.

The Polish studio became aware of the situation Monday when their servers were encrypted. According to a statement released on their social media this morning, they have begun restoring their system via backups, and are working with the authorities and IT forensic specialists to investigate the attack.

Cd Projekt Red Is Working To Restore Its Servers And Mitigate The Potential Damage After A Cyber Attack Stole Their Source Code And Personal Information Monday.
CD Projekt Red is working to restore its servers and mitigate the potential damage after a cyber attack stole their source code and personal information Monday. (CD Projekt Red)

In the ransom note, which CD Projekt Red also released, the perpetrator claimed to have stolen full copies of the source code for Cyberpunk 2077, The Witcher 3, an unreleased version of The Witcher 3, and Gwent. They also claimed to have “dumped all of your documents relating to accounting, administration, legal, HR, investor relations, and more”—though the personal information of players was not included, to the studio’s best knowledge.

“Your have been EPICALLY pwned!!” The perpetrator bragged (sic), before threatening to release the documents and sell the code if an agreement is not reached within 48 hours. Their expressed intent is to further shake investors’ trust in the studio, and drive its stock lower.

“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” CD Projekt Red declared in its statement. “We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.”

Capcom was hit by a similar attack last fall, with internal financial and HR information compromised. However, they were able to verify that customer credit card information was not included, as they use a third-party to handle such data. Nintendo has had a veritable heap of beta source code stolen from its vaults in recent years as well, including the long-lost demo version of Pokémon Gold & Silver, and other unannounced projects. CD Projekt Red may have its stolen information fall into the public eye in the same fashion.

Chris de Hoog
Chris de Hoog

A writer and podcaster from Ontario, Chris discovered role-playing games with Final Fantasy on the NES and has been overthinking them ever since. Having written for Final Fantasy Union since 2016, he brought his lifelong love for games to CGMagazine in 2020. He founded the Quarter Portion Podcast, a Star Wars show, and is a regular on CGM’s Pixels & Ink podcast. Also an avid fan of tabletop and retro gaming, he can be found streaming with his D&D group on the Twitch channel @guildtwotaps.

This post may contain affiliate links. If you use these links to buy something, CGMagazine may earn a commission. However, please know this does not impact our reviews or opinions in any way. See our ethics statement.

File Under: CD Projekt Red, Cyberpunk
Games Discussed:
Cyberpunk 2077
<div data-conversation-spotlight></div>