CD Projekt Red victim of cyber attack!
CD Project Red sent a Tweet into the world in which they explain how they got to be the victim of a cyber attack.
CDPR acknowledges that some of their internal servers got compromised because of the attack. Whoever got inside their systems, unauthorized, was able to collect information and data and they left a ransom note behind. It almost looks like it was a scene from a movie but this is the real deal.
In the ransom note, the hacker claims to have dumped a variety of source code copies of Cyberpunk 2077, The Witcher 3 and even an unreleased version of The Witcher 3. The hacker also let CDPR know that they have internal information coming from their accounting branch, administration, Human Resources, investors, etc. On top of that, all the hacker claims to have encrypted the CDPR servers but they have the knowledge that backup servers are still useable to replace the encrypted servers.
Whoever got into the servers ended the ransom note with the threat that the source codes and everything else they have into their possession will get leaked or sold to journalists who write about games in general, if an agreement could not be met. CDPR has 48 hours to respond.
In the note, there's apparently nothing said about any amounts. CDPR has to contact the hacker. But CDPR is not going to give in. That is obvious by the tone they are using in their own message on their Twitter account today.
We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.
CDPR also let everybody know that they are further investigating the incident. The proper authorities got involved, including the President of the Personal Data Protection Office and IT Forensic Specialists. CDPR will let no stone unturned to get to the bottom of this.
Maybe the most important thing for their playing community is that no personal data got hacked of them, so they can rest assured that their information is not at any risk.