CD Projekt Red has once again found itself in some hot water. As most of the gaming world watched the Summer Game Fest Kickoff on June 10, the studio quietly released an update about its recent hack. The data breach, which reportedly included Cyberpunk 2077 source code, wasn’t as contained as CDPR made it out to be.
Cyberpunk 2077 has had its fair share of problems over the past year. After controversial delays and a botched, bug-filled launch, the game’s studio suffered a sizeable data breach after a ransomware attack. While the company seemed to have a handle on the situation, that may not be the case.
The Cyberpunk Cyber-Attack
CDPR first announced the hack in February, a day after they reportedly discovered the breach. The ransom note, which CDPR also released publicly, claimed that hackers had stolen the source codes for Cyberpunk 2077, The Witcher 3 and Gwent. Perhaps more problematic for the company, the cybercriminals also claimed to have accessed HR and administration documents.
The note didn’t say what the hackers wanted from CDPR, but the company said it refused their demands. Despite the breach’s size, the studio said the targeted servers didn’t have any personal data from players or ex-employees. CD Projekt Red got to work decrypting their servers, and life seemed to go on unaffected.
A few days later, the hackers reportedly sold the data they stole in the attack. Still, nothing seemed to come of it. CDPR delayed the rollout of Patch 1.2 for a month, but not much else. The attack appeared to have come and gone without much noise.
More Trouble Than Expected
On June 10, CD Projekt Red revealed more information about the data breach. After looking further into the incident, the studio has discovered that the leaked data is now circulating the internet. While they haven’t been able to confirm exactly what that data includes, it may be more than people initially thought.
Most notably, CDPR mentioned that the leaked data could contain details about former and current employees. If that’s the case, this new information contradicts the studio’s initial statement. CDPR says that player data will remain unaffected, but it’s unclear how hackers might use the source code.
CDPR also mentioned how they’ve since updated their security practices. This echoes how many companies learned how cloud providers can offer superior security after the 2015 Sony hack. If this incident continues to mimic the Sony breach, then it will affect CDPR more than any of its customers.
If you’re playing Cyberpunk 2077, fear not. Your game will most likely go unaffected. You may want to be careful about where you download any DLC or updates, though, given the higher likelihood of piracy. CDPR may have to push this content back, too.
What’s Next for Cyberpunk 2077?
Cyberpunk 2077 and its parent studio have several changes ahead of them, for better or worse. The team behind the game recently announced they appointed a new director for future content. The hack could make their job dealing with DLC and updates more challenging, but it’s still unclear.
Despite its rocky release and this data breach, many players are enjoying Cyberpunk 2077. While this news about the February hack doesn’t help CDPR’s reputation, it likely won’t affect players. If you haven’t gotten the chance to play it yet, just be careful about pirated copies.