CD Projekt Red Hacked
February 23, 2021
Hacking and Ransomware has been an issue in game development for a long time now, but for a while, most companies opted to deal with it silently, paying off the hacker and sweeping it under the rug. It’s nowhere near a new problem, but the industry may see a new approach as recently developer CD Projekt Red has taken a different approach to handling the crime.
On the 8th of February, 2021, the company discovered their servers had been accessed by a group of hackers. They left behind a ransom note stating they stole the files for various games such as Cyberpunk 2077, Gwent, and the Witcher 3, stole various company documents, as well as encrypted the servers. The note, written as a basic notepad document, also threatened to release the game files to the public and the documents to press with the aim to defund the company and ruin its reputation. The company was given forty eight hours to respond.
The day after, CD Projekt Red announced in a Tweet that they will not give in to the hacker, are taking the proper steps to mitigate the the fallout of a leak, and utilizing the the proper resources to investigate the incident. They also assured users and ex-employees that none of their personal information has been compromised, but if there are any questions to contact their Privacy Team. For now, that’s all they have stated on the matter.
Although the company has stated very little, the community has a lot to say. Some people have great praise and support for CD Projekt Red, and their response like Joe Tidy, Cyber reporter for the BBC, stated on Twitter, “In one Tweet, the company has demonstrated a new gold standard response to dealing with ransomware.” Although in the replies to the company’s Tweet, many disgruntled fans express joy at the newfound struggle such as user @Doug_919 who wrote, “Well when you release a broken game, it’s no surprise you’re being targeted.” Others have come to defend the company against these statements such as “People who say this is ‘fair’ or ‘to be expected’ because of the problems of Cyberpunk 2077 should take a good look in the mirror and ask themselves how ‘fair’ their lives would be if they got death threats, hacked and things of that nature for each time they messed something up,” as stated by Alex Moukala, a statement I’m inclined to agree with. This negative sentiment of course has grown in response to the recent controversial release of Cyberpunk 2077 as is implied in Moukala’s Tweet.
True to the hacker’s word, the source files to Gwent, CDPR’s card game based on the Witcher franchise, were released online on January 10th, 2021 and the files to both the Witcher 3 and Cyberpunk 2077 went on auction starting at one million dollars. The post, on exploit.in, a Russian hacking forum, listing the auction was under the name “redengine” and operating on Moscow time. The auction closed after the sellers received a satisfying offer from outside the forum with “conditions of further non-distribution.”
None of this bodes well for the company though especially with their parent company, CD Projekt, under a law suit over the controversial release of Cyberpunk 2077.