CD Projekt Red, developers of Cyberpunk 2077 and The Witcher 3: Wild Hunt, have confirmed that they have been hacked and that several “internal systems” have been compromised. The hacker has left a ransom note, demanding money and giving CD Projekt Red 48 hours to contact them. CD Projekt Red has however confirmed that they will not negotiate with the hacker and that they are investigating the incident. No personal information of those that played or purchased games from CD Projekt Red has been leaked.
Here’s what CD Projekt Red had to say:
Yesterday we discovered that we have become a victim of a targeted cyber attack, due to which some of our internal systems have been compromised.
An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the contents of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured out IT infrastructure and begun restoring the data.
We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.
We are still investigating the incident, however at this time we can confirm that – to our best knowledge – the comprised systems did not contain any personal data of our players or users of our services.
We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT Forensic specialists, and we will closely cooperate with them in order to fully investigate this incident.
Here’s the ransom note:
!!!!!!!!!!!!!!!!!! Hello CD Projekt !!!!!!!!!!!!!!!!!!
Your have been EPICALLY pwned!!
We have dumped FULL copies of the source codes from your Perforce sever for Cyberpunk 2077, Witcher 3, Gwent and the unreleased version of Witcher 3!!!
We have also dumped all of your documents relating to accounting, administration, legal, HR, investor relations and more!
Also, we have encrypted all of your servers, but we understand that you can most likely recover from backups.
If we will not come to an agreement, then your source codes will be sold or leaked online and your documents will be sent to our contacts in gaming journalism. Your public image will go down the shitter even more and people will see how shitty your company functions. Investors will lose trust in your company and the stock will dive even lower!
You have 48 hours to contact us.