It seems like Cyberpunk 2077 dev CD Projekt Red just can’t catch a break; after what was considered by various outlets and publications as a “disastrous” Cyberpunk 2077 release, due primarily to the game being released in a bug-laden, unfinished state, CDPR has been diligently releasing hotfixes and patches to ameliorate the game’s stature and playability — but even fixing the game hasn’t gone off without a hitch. Cyberpunk 2077‘s latest update, the 1.11 Hotfix, actually had to be implemented to fix the game-breaking “Takemura” bug which a previous hotfix introduced.
As if all that wasn’t enough, CDPR revealed on Tuesday (via Twitter) they were the victim of a “targeted cyber attack,” in which the offending hacker/hacker group gained unauthorized access to the developer’s internal systems and network.
“An unidentified actor gained unauthorized access to our internal network,” CDPR explained in a public statement presented on the tweet, “collected certain data belonging to CD PROJEKT capital group, and left a ransom note the contents of which we release to the public. Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.” The developer is still investigating the hack, but as of right now, states that the systems compromised did not contain any personal information relating to those who play games put out by CD Projekt RED.”
The offending hacker/hacker group in question also left a ransom note stating their demands as well as claims that they had procured the source codes to Cyberpunk 2077, The Witcher 3: Wild Hunt, Gwent and even an unreleased version of The Witcher 3. The hacker’s “ransom note” can be seen below:
CDPR asserted that they will not be giving into the hacker’s demands, “being aware that this may eventually lead to the release of the compromised data. We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be effected due to the breach.”
CDPR added that no personal information should have been gained by the targeted cyber attack. “We are still investigating the incident,” the dev added, “however at this time we can confirm that — to the best of our knowledge — the compromised systems did not contain any personal data of our players or users of our services.” That affirmation extends to CDPR employees as well, which CPDR addressed in a reply to their original message.
“To our ex employees: As of this moment, we don’t possess evidence that any of your personal data was accessed,” CDPR said in the reply. “However, we still recommend caution (i.e. enabling fraud alerts).”
CDPR ended the statement by noting that the proper authorities had been notified to ensure that the investigation surrounding the cyber attack will be as thorough and conclusive as possible. “We have already approached the relevant authorities, including law enforcement and the President of the Personal Data Protection Office, as well as IT forensic specialists, and we will closely cooperate with them in order to fully investigate this incident.”
What do you think of the news that dev CD Projekt Red was the victim of a targeted cyber attack? Let us know what you think in the comments.