Cyberpunk 2077 was one of the most anticipated game launches of the last few years, and also one of the most tumultuous. In addition to huge technical problems and consumer blowback, the game’s developer CDProjekt Red has announced that it’s been the victim of a ransomware attack. The hackers are threatening to release the source code for Cyberpunk and other games.
CDPR publicly posted the hackers’ demands, saying that the company will not pay the demanded ransom and is cooperating with investigating authorities. In addition to claiming that they have captured source code for Cyberpunk 2077, The Witcher III, and Gwent, the hackers claim that they have “documents relating to accounting, administration, legal, HR, investor relations and more.”
Cyberpunk 2077 is set in a dystopian future, where people regularly augment their bodies with hardware and software, and information (and the accessing thereof) is power. It’s also a world where massive corporations protect deadly secrets with labyrinthian data security protocols. So, yeah, this situation is kind of weird.
Important Update pic.twitter.com/PCEuhAJosR
— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
CDPR says that the hack is legitimate, but has not confirmed what’s been taken. The company claims that as far as it can tell, no customer data (such as login IDs, passwords, or credit card numbers) was taken, and that it can restore all of its stolen data via standard backups. It has no intention of contacting the hackers or paying a ransom, which means that potentially lucrative game code and embarrassing internal documents may be made public soon. CDPR’s custom-tuned REDengine, which powers Cyberpunk and The Witcher, would be crammed full of proprietary technology.
Based on what little information is available, it’s hard to tell if CDPR’s data security practices are lacking, or if it was specifically targeted after the very public events surrounding the Cyberpunk launch. CDPR’s developer forum was hacked in 2017, and a previous version of the Cyberpunk game included a critical security bug that theoretically allowed modded games to be infected with malicious code.