‘Cyberpunk 2077’ game studio says hackers exposed data
Video game company CD Projekt says a cyberattack exposed some of its data, and the intruders left a ransom note claiming they accessed the source code for “Cyberpunk 2077” and other games.
The Poland-based studio said in a tweet Tuesday that “an unidentified actor gained unauthorized access to our internal network” and “collected certain data belonging to CD PROJEKT capital group.” The attackers encrypted some devices, but backups remained intact, CD Projekt said.
The alleged ransom note — published in CD Projekt’s tweet about the incident — indirectly refers to recent troubles for the company, which was criticized for the bug-filled rollout of the much-ballyhooed “Cyberpunk 2077” in December. Sony removed it from its PlayStation Store about a week after the release. Some investors sued the company over the rollout.
“Your public image will go down the shitter even more,” if the attackers’ demands aren’t met, the note says. It doesn’t specify what those demands are. “You have 48 hours to contact us,” the note says.
The attackers claim to have source codes for “Cyberpunk 2077,” “The Witcher 3” and other games, as well as “all of our documents relating to accounting, administration, legal, HR, investor relations and more!” The note appears to have been delivered as a Windows notepad file.
CD Projekt said it will not negotiate with the attackers, adding that it has contacted law enforcement about the incident. The statement does not specify whether the incident involved ransomware or some other method of attack.
“We are still investigating the incident, however at this time we can confirm that — to our best knowledge — the compromised systems did not contain any personal data of our players or users of our services,” the company said.
The company’s stock was down 4.5% as of Tuesday, CNBC noted, after falling more than 30 percent since the release of “Cyberpunk 2077.” ZDNet noted that this is the second time CD Projekt was hacked for data related to the game.
Large video game companies are familiar targets for cybercriminals for various reasons, including their large customer bases, their lucrative intellectual property and their ability to generate buzz.
Read CD Projekt’s statement and the alleged ransom note below: