Alex Birlo on February 12, 2021
Today we’re going to take a look at the news that last week CD Projekt Red got hacked and lost loads of confidential data!
Oh boy… I already swore a personal oath not to talk anymore about CDPR and the catastrophe that they turned a relatively okay game into.
Yes, I am one of those who liked the game. But I am also one of those who understands and acknowledges that the end result was incredibly underwhelming when compared to what they promised.
But what is going on now is already too much. I feel so sorry for the poor fellows who work for CDPR and who were developing this game.
You see, last week, an unknown group or person, managed to gain access to CDPR’s internal network and steal a load of important data.
This data included the source codes for Cyberpunk 2077, The Witcher 3: Wild Hunt, Gwent, and the unreleased version of the Witcher 3.
The bigger problem though, is that the perpetrators also stole all of the company’s documentation on accounting, administration, legal, HR of all things, and investor relations.
CDPR made an official statement on Twitter, openly telling everyone about this entire issue and revealed some details.
It appears that the intruders also left a ransom note, where they list all the above mentioned data that they stole and also say the following:
“If we will not come to an agreement, then your source codes will be sold or leaked online and your documents will be sent to our contacts in gaming journalism. Your public image will go down the shitter even more and people will see how you shitty your company functions (that’s btw not my typo). Investors will lose trust in your company and the stock will drive even lower!
You have 48 hours to contact us”.
Sounds like a crappy movie about hackers, that fight for the truth, and against corporate abuse. But it is quite frankly all bullshit.
Regardless of what you think about the game, this is not how issues are solved.
This is a crime and the perpetrators obviously were not pursuing a righteous goal to expose CDPR for bad practices and employee mistreatment.
They were clearly exploiting the already bad situation that the company got itself into, and the fact that many people would be willing to cash out a hefty sum for the company’s private data at this point.
The verge published a comprehensive article, following all the available evidence that the theft was actually real and a tweeter account “vx-underground” who tweets and follows all sorts of thing of this sort.
The screenshots prove that after CDPR officially stated that they will not be negotiating with the hackers, there indeed was an auction held on an Exploit forum to sell the data.
And eventually it was sold, though it is unknown for how much – but it is clearly in the millions.
The hackers’ goal was clearly to turn a profit on this.
Since the information they just sold to someone on the darknet most certainly contains very private and confidential information on employees too.
Employees who had nothing to do with the mismanagement that was the fault of the higher-ups and the decision-makers who influenced the development process, that in turn brought to the release of an underwhelming product.
The developers themselves do not deserve death threats, they do not deserve the mean words thrown at them for decisions that were up to the upper management and not to them.
And I most certainly do not think they deserve their private information and confidential data to be stolen and sold-out like some goods.
Sources:
CDPR Tweet: https://twitter.com/CDPROJEKTRED/status/1359048125403590660
The Verge Article: https://www.theverge.com/2021/2/10/22276664/cyberpunk-witcher-hackers-auction-source-code-ransomware-attack
vx-underground tweets thread: https://twitter.com/vxunderground/status/1359568916339646466