CyberPunk 2077 Dev CD Projekt Red Finally Admits Its Data Security Breach Was A Nightmare
Back in February, developer CD Projekt Red confirmed it fell prey to a "targeted cyber attack" and went about contacting former employs and contractors, saying at the time that it did not know if any personal data was compromised, but that the "probability of such a leak is low." Now four months later, the Cyberpunk 2077 developer has provided a sobering update on the matter.
"We have learned new information regarding the breach, and now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the Internet," CD Projekt Red states. "We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games."
It is a one-eighty flip from February, with CD Projekt Red going from saying the probability of employee and contractor details being compromised is low, to there now being a high likelihood of that having happened, as a result of the brazen ransomware attack. The developer also insinuated that the culprits are in possession of certain source code, as was rumored to the be the case when news of the breach first circulated.
To recap, in February a hacker had leaked the source code for Gwent, a card game based on The Witcher, to a popular hacking forum. The hacker titled the data dump "CDProject Leak #1," which suggested that more leaks would be on the way.
It was also reported at the time that the hacker was auctioning off source code for both The Witcher 3 and Cyberpunk 2077, with a starting bid of $1,000. It's not clear whatever became of that, but CD Projekt Red's update on the breach at large at least hints that hackers made off with valuable source code. It's at least serious enough that the developer is cooperating with several agencies, including Interpol.
"Currently, we are working together with an extensive network of appropriate services, experts, and law enforcement agencies, including the General Police Headquarters of Poland. We have also contacted Interpol and Europol. The information we shared in February with the President of the Personal Data Protection Office (PUODO) has also been updated," CD Projekt Red said.
It still feels like the developer knows more than it is letting on. Has the source code for Cyberpunk 2077 really been compromised? We have a feeling CD Projekt Red knows the answer, or at least has a good idea, even it cannot be 100 percent confirmed.
In any event, the developer's statement quickly shifted focus on outlining what improvements it made to prevent a similar breach from happening in the future. For example, CD Projekt Red said it redesigned its core IT infrastructure, upgraded its firewalls, reduced the number of privileged accounts, improved its event monitoring mechanisms, and more.
Better late than never, right?