If you thought the chaos surrounding CD Projekt Red and Cyberpunk 2077 was starting to die down as we move into February, we’ve got some bad news.
According to CD Projekt Red, they were the victims of a cyberattack during which the hackers were able to gain access to source code for Cyberpunk 2077, The Witcher, and Gwent along with sensitive internal documents and data.
The hackers left a message for CD Projekt Red informing the company of what they’d taken, then demanded to be contacted within 48 hours to work out a deal.
CD Prokject Red’s answer can be quickly summed up as, “Nope, not going to happen.”
CDPR Hacked, Source Code For Cyberpunk 2077 and Witcher 3 Stolen
On social media, CD Projekt Red made information about a cyberattack they suffered yesterday evening public in order to properly address and work through it.
First, they shared an image containing an official statement from the company. Second, they shared the full, unedited note that the hackers left for them.
Starting with the note from CD Projekt Red, it reads:
“Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised. An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact.
We have already secured our IT infrastructure and begun restoring the data. We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.
We are still investigating the incident, however at this time we can confirm that — to our best knowledge — the compromised systems did not contain any personal data of our players or users of our services. We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate this incident.”
Now there’s a lot to unpack from CD Projekt Red’s statement alone. Within this statement, it’s confirmed that a hack did in fact take place and that the hacker was able to collect a concerning amount of data from it.
CD Projekt Red doesn’t go into too many specifics about everything that was accessed, but assured players that they don’t believe any of their personal data was compromised. The focus seems to have been on CD Projekt Red and CD Projekt Red alone.
The note from the hacker as made public by CD Projekt Red offers a bit more clarity in regards to the situation the company now finds themselves in. A situation bad enough that they’ve reached out to several authorities in order to look into the incident further.
Important Update pic.twitter.com/PCEuhAJosR— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
The hacker’s note starts with the cringeworthy text “You have been epically pwned!!” before divulging the extent of what they were able to access during the attack.
“We have dumped FULL copies of the source codes from your Preforce server for Cyberpunk 2077, Witcher 3, Gwent, and the unreleased version of Witcher 3.”
The unreleased version of Witcher 3 that’s being referenced is likely the one for next-gen consoles.
“We have also dumped all of your documents relating to accounting, administration, legal, HR, investor relations, and more.”
The threat here is that these documents may contain damning information about CD Projekt Red and result in further PR issues for the company. However, with CD Projekt Red quickly swooping in to say they won’t cooperate with the hacker’s demands, it seems like there may not be a whole lot in these documents that they’re worried about being made public.
Given that CD Projekt Red has made it clear they won’t cooperate with the hacker in any way, we may see some of what was accessed shared in greater detail over the next week. It’s hard to say, but we imagine CD Projekt Red will release additional statements to social media addressing anything that may or may not be made public as a result of their dismissal of the hacker’s demands.
Stay tuned, as we’ll be updating this story as more information is shared by CD Projekt Red.