Cyberpunk 2077 developer CD Projekt has been having a hard year with one bad news followed by another. After a troublesome launch, and security vulnerabilities with the game’s modding tools, the developer has now revealed in a tweet that a cyberattack has compromised its internal systems.
Attackers have collected data belonging to the CD Projekt capital group and left a ransom note, asking the developer to meet their requirements in 48 hours. CD Projekt has revealed that the source code for some of its games was stolen, along with other important data.
The attacker has allegedly revealed in a ransom note that the source code for games including Witcher 3, Gwent and the recently launched Cyberpunk 2077 was stolen in the attack. The source code for an unreleased version of Witcher 3 was also stolen, along with various documents pertaining to the game’s accounting, administration, human resources and other elements.
The developer is already taking action by approaching the relevant authorities, including law enforcement and the President of the Personal Data Protection Office. CD Projekt is also approaching IT forensic specialists and has said that it will “closely co-operate with them in order to fully investigate this incident.”
Although the data stolen for ransom by the attackers was important, CD Projekt has made it clear that it will not be giving in to the demands of the attackers. The developer has revealed that although some devices in its network were encrypted by the attacker, backups remained intact. CD Projekt has already begun restoring lost data via these backups.
“We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of compromised data,” said CD Projekt in a statement. “We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach,” it added.
Important Update pic.twitter.com/PCEuhAJosR
— CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
While CD Projekt is still investigating the specifics of the attack, it has confirmed ‘to the best of its knowledge’ that the compromised systems did not contain any personal data of its players or service users.