CD Projekt Red has been the victim of a cyberattack and, has so far, been extremely transparent about it. The developer shared a ransom note that was sent to the company. It threatens to release sensitive information, including source code for CDPR’s games if the demands of the hacker are not met.
The developer released their own statement, confirming the “unidentified actor” gained access to the company’s servers, thus obtaining the sensitive information. As far as CD Projekt Red is aware, no personal data was stolen, but the developer’s property, info and data has reportedly been accessed by the hackers.
They are currently working with law enforcement and other parties to get to the bottom of it. Alongside their statement they also released the ransom note.
The note indicates that the attackers gained access to the source code for Cyberpunk 2077, The Witcher 3, Gwent and an unreleased edition of The Witcher 3. They also report having documents of CDPR’s accounting, administration, HR, legal and investor relations. It further mentions a possible hit to the company’s “public image.”
“Your public image will go down the shi**er even more and people will see how you shi**y your company functions,” the note reads.
CD Projekt Red also stated they “will not give in to the demands nor negotiate with the actor,” even if all their information in released.
A later tweet was directed towards their former employees. The studio reiterated they didn’t believe any personal data was taken, but they can’t guarantee this. So CD Projekt is recommending former developers enable fraud alerts and be cautious.
To our ex employees: As of this moment, we don’t possess evidence that any of your personal data was accessed. However, we still recommend caution (i.e. enabling fraud alerts). If you have questions, please write to our Privacy Team dpo[at]https://t.co/0UUMoqT5tF— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021