CD Projekt Red’s internal systems were hacked back in February, with the attackers leaving a ransom note claiming they’d nabbed copies of the source codes for Cyberpunk 2077, The Witcher 3 and Gwent. Last week, reports that source code was being shared online surfaced, after the hackers put them up for auction. Now, however, it seems game data might not have been the most sensitive information they stole. “We have learned new information regarding the breach, and now have reason to believe that internal data illegally obtained during the attack is currently being circulated on the Internet,” CDPR posted last night. “We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.” They say they’re currently working with “an extensive network of appropriate services, experts, and law enforcement agencies” to deal with the leaks. They’ve also detailed some of the measures they’ve taken since the hack to tighten up security, such as redesigning their IT infrastructure, implementing “next-generation” firewalls and anti-malware protection, limiting access to privileged accounts and more. “We would also like to state that - regardless of the authenticity of the data being circulated - we will do everything in our power to protect the privacy of our employees, as well as all other involved parties,” they add. “We are committed and prepared to take action against parties sharing the data in question.” Last week, the group that hacked CPDR reportedly released a montage video of Cyberpunk 2077 bugs that the developers made during development. It’s a common practice in game dev, funny reels of quirks and mishaps whipped together for the team to enjoy internally. But given that the game launched in a buggy state too, this being made public looks bad for CDPR - which is likely why people leaked it. It’s also an example to other devs of what can happen when you don’t give in to a ransom.
