CD Projekt Pink was hacked in February, ensuing within the theft of inside paperwork and supply code for video games together with Gwent, The Witcher 3: Wild Hunt, and Cyberpunk 2077. The hackers threatened to launch the info except a ransom was paid, which the studio refused to do; shortly thereafter the hackers reportedly started releasing the code, which CD Projekt tried to maintain a lid on by means of DMCA takedown notices.
Regardless of these efforts, it was reported by databreaches.web (through Eurogamer) earlier this month that the stolen knowledge—starting from supply code to inside “comedy bug reels”—are within the wild, and that passwords to the encrypted information had both been cracked or have been being shared voluntarily. Both approach, it appeared that anybody who wished entry might get it.
As we speak, CD Projekt issued a press release confirming that the info is the truth is now being circulated on-line. “We’re not but in a position to affirm the precise contents of the info in query, although we consider it might embrace present/former worker and contractor particulars along with knowledge associated to our video games,” it mentioned. “Moreover, we can not affirm whether or not or not the info concerned could have been manipulated or tampered with following the breach.”
IMPORTANT UPDATERead extra: https://t.co/qd6sc5VF3I pic.twitter.com/kKi1GkIaLOJune 10, 2021
CD Projekt is now working with legislation enforcement businesses together with the Normal Police Headquarters of Poland, Interpol, and Europol, in addition to different “applicable providers [and] consultants” to resolve the matter. It is also carried out numerous new inside safety measures to assist forestall breaches like this sooner or later:
- Our core IT infrastructure has been redesigned and rolled out
- New next-generation firewalls with superior anti-malware safety have been carried out
- A brand new remote-access answer has been employed
- The variety of privileged accounts, and entry rights to accounts, has been restricted
- A brand new mechanism for the safety of endpoints, servers, and networks has been put in
- Our event-monitoring mechanisms have been improved
- We’ve expanded our inside safety division
“We might additionally wish to state that—whatever the authenticity of the info being circulated—we are going to do every part in our energy to guard the privateness of our staff, in addition to all different concerned events,” CD Projekt mentioned. “We’re dedicated and ready to take motion in opposition to events sharing the info in query.”
It is progress, nevertheless it’s additionally stunning (and, actually, disappointing) that 4 months after the assault, CD Projekt nonetheless cannot say precisely what knowledge was stolen, or who is perhaps impacted by it. The timing of at the moment’s announcement, which appeared with out discover within the midst of Geoff Keighley’s Summer season Recreation Fest Kickoff livestream, additionally raised just a few eyebrowsm
Dropping this now throughout a week-long kickoff of gaming press occasions?Doesn’t precisely encourage confidence.June 10, 2021
posting this throughout Keighley’s factor is laughable. good christ.June 10, 2021
Wow, the quantity of goodwill you already burned, and now you launch this in the midst of Summer season Gamefest – simply wow.June 10, 2021
I’ve reached out to CD Projekt for extra data on what knowledge was taken throughout the breach, and can replace if I obtain a reply.