It’s been a rough few months for Cyberpunk 2077 and its developer, CD Projekt Red. Cyberpunk 2077 launching in a rough state was only the beginning of the story. After that, the company had to contend with angry fans, falling stock prices, litigious investors and patches that sometimes made the game even worse.
On top of all that, CD Projekt Red must now deal with disgruntled hackers, who have breached company servers, installed ransomware and threatened to share all of their data online.
Information comes from CD Projekt Red, which presumably wanted to get word out to fans before the hackers did. On Twitter, the company posted a detailed explanation of the situation, as well as the hacker’s (poorly written) ransom note.
“An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD Projekt capital group, and left a ransom note the content of which we release to the public,” the company stated. “We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data.”
It may sound bad, but there are two saving graces. First, installing ransomware did not have the devastating effect the hacker might have hoped it would. CD Projekt’s backup drives remained unaffected, so if there was any data loss, it sounds like the company kept it to an absolute minimum.
Second, CD Projekt assured fans that “the compromised systems did not contain any personal data of our players or users of our services.” That’s good news, even for gamers who didn’t buy Cyberpunk 2077. Remember that CD Projekt also runs the GOG game store platform, as well as the GOG Galaxy launcher service.
As for the note itself, the hacker claims to have full copies of the source code for Cyberpunk 2077, The Witcher 3 and Gwent (the standalone card game based on The Witcher). They also claim to have “documents relating to accounting, administration, legal, HR, investor relations and more,” which may be the bigger deal. While distributing a game’s source code could make a title easier to pirate, you can’t really modify and sell it, and nothing in it would be very interesting to a lay audience.
The business documents, on the other hand, the hacker threatened to “[send] to our contacts in gaming journalism,” where perhaps they hope some malfeasance will come to light. It’s unlikely that a reputable journalist would accept stolen documents, but we imagine that combing through them could be a field day for a more tabloid-style publication.
In any case, the hacker has given CD Projekt 48 hours to respond — and since CD Projekt has already responded, there’s nothing to do now but wait. Hacking major companies to share sensitive data with the public may be in the spirit of the cyberpunk genre, but the driving force here seems to be malice rather than public interest.