CD Projekt Red has been hacked, with several company documents and source codes for their games being stolen and held under ransom.
The Cyberpunk 2077 developers announced that the hacking had taken place on Twitter, also sharing the rather cringy ransom note left behind by the hackers. The note claims that the source code for Cyberpunk 2077 (opens in new tab), Witcher 3, Gwent, and an unreleased version of Witcher 3 has been stolen. Documents relating to accounting, administration, legal, HR, investor relations, "and more" are also allegedly compromised.
CDPR hasn't explicitly confirmed or stated what data has been dumped, saying the hackers gained access to "certain data belonging to CD PROJEKT capital group." They also reassured people that currently, there is no evidence to suggest any personal data of players was stolen.
Important Update pic.twitter.com/PCEuhAJosRFebruary 9, 2021
The hackers also managed to encrypt CDPR's servers, though the company has confirmed "our backups remain intact. We have already secured our IT infrastructure and begun restoring the data."
The ransom note claims CDPR has been "EPICALLY pwned" and threatens to leak or sell the source code online if the company does not reach an agreement with them. The hacking group also said they would send the company documents to their "contacts in gaming journalism."
"Your public image will go down the shitter even more and people will see how you shitty your company functions. Investors will lose trust in your company and the stock will dive even lower!"
CDPR revealed they would not be negotiating with the hackers, despite the threats to leak the information: "We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data.
"We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach."
The hacking is already under investigation, with CDPR saying: "We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate this incident."