CD Projekt Pink was hacked in February, ensuing within the theft of inside paperwork and supply code for video games together with Gwent, The Witcher 3: Wild Hunt, and Cyberpunk 2077. The hackers threatened to launch the information except a ransom was paid, which the studio refused to do; shortly thereafter the hackers reportedly started releasing the code, which CD Projekt tried to maintain a lid on by the use of DMCA takedown notices.
Regardless of these efforts, it was reported by databreaches.internet (by way of Eurogamer) earlier this month that the stolen knowledge—starting from supply code to inside “comedy bug reels“—are within the wild, and that passwords to the encrypted recordsdata had both been cracked or had been being shared voluntarily. Both approach, it appeared that anybody who wished entry may get it.
Immediately, CD Projekt issued a assertion confirming that the information is actually now being circulated on-line. “We’re not but in a position to verify the precise contents of the information in query, although we imagine it could embrace present/former worker and contractor particulars along with knowledge associated to our video games,” it mentioned. “Moreover, we can not verify whether or not or not the information concerned could have been manipulated or tampered with following the breach.”
IMPORTANT UPDATERead extra: https://t.co/qd6sc5VF3I pic.twitter.com/kKi1GkIaLOJune 10, 2021
CD Projekt is now working with regulation enforcement companies together with the Normal Police Headquarters of Poland, Interpol, and Europol, in addition to different “applicable providers [and] consultants” to resolve the matter. It is also carried out plenty of new inside safety measures to assist stop breaches like this sooner or later:
- Our core IT infrastructure has been redesigned and rolled out
- New next-generation firewalls with superior anti-malware safety have been carried out
- A brand new remote-access answer has been employed
- The variety of privileged accounts, and entry rights to accounts, has been restricted
- A brand new mechanism for the safety of endpoints, servers, and networks has been put in
- Our event-monitoring mechanisms have been improved
- We’ve got expanded our inside safety division
“We might additionally wish to state that—whatever the authenticity of the information being circulated—we are going to do the whole lot in our energy to guard the privateness of our staff, in addition to all different concerned events,” CD Projekt mentioned. “We’re dedicated and ready to take motion in opposition to events sharing the information in query.”
It is progress, but it surely’s additionally shocking (and, truthfully, disappointing) that 4 months after the assault, CD Projekt nonetheless cannot say precisely what knowledge was stolen, or who is likely to be impacted by it. The timing of at this time’s announcement, which appeared with out discover within the midst of Geoff Keighley’s Summer time Sport Fest Kickoff livestream, additionally raised just a few eyebrowsm
Dropping this now throughout a week-long kickoff of gaming press occasions?Doesn’t precisely encourage confidence.June 10, 2021
posting this throughout Keighley’s factor is laughable. good christ.June 10, 2021
Wow, the quantity of goodwill you already burned, and now you launch this in the course of Summer time Gamefest – simply wow.June 10, 2021
I’ve reached out to CD Projekt for extra data on what knowledge was taken throughout the breach, and can replace if I obtain a reply.