Cyberpunk 2077 Dev CD Projekt Red Hacked, Perpetrator Demands Ransom

The attackers say they will release sensitive information if CD Projekt Red does not meet its demands.

78 Comments

CD Projekt Red has revealed it has been the victim of a cyberattack. The Cyberpunk 2077 and Witcher developer shared a ransom note, which threatened to release sensitive information, including source code for CDPR's games, if the hackers' demands aren't met.

In a statement, CDPR confirmed that an "unidentified actor" gained access to the company's servers and has obtained sensitive information. To the extent that CDPR is aware, no personal data was exposed, but the developer's own properties, information, and data has reportedly been accessed by the hackers.

CDPR is working with law enforcement and other parties to get to the bottom of the attack. The developer also released the ransom note, which states, "Your have been EPICALLY pwned ! !"

The note states that the attackers have gained access to the source code for Cyberpunk 2077, The Witcher 3, Gwent, and an unreleased edition of The Witcher 3. The attackers also report to have documents pertaining to CDPR's accounting, administration, legal, HR, and investor relations departments. Further, it mentions another hit to CDPR's "public image," likely referencing the troubled reception to Cyberpunk 2077.

"If we will not come to an agreement, then your source codes will be sold or leaked," the ransom note says. "Your public image will go down the shi**er even more and people will see how you shi**y your company functions."

The ransom note ended with an ultimatum: "You have 48 hours to contact us."

It looks like the group is going forward with its threat, too. According to Tom's Hardware, source files for various CD Projekt Red games, including Cyberpunk 2077, are being put up for auction.

CDPR said in its own statement that it "will not give in to the demands no negotiate with the actor," even if it means that the sensitive information is eventually released.

The developer followed up later in the day with a tweet directed at its former employees. The studio said it doesn't believe any of their personal data was accessed, but it can't guarantee this, and as such, the studio said former developers should enable fraud alerts and be generally cautious.

This is an ongoing story, so check back with GameSpot for the latest.

GameSpot may get a commission from retail offers.

Got a news tip or want to contact us directly? Email news@gamespot.com

Join the conversation
There are 78 comments about this story