For those who don’t want to click through to Twitter
So if the breach is to be believed, and CDPR seems to think it should be, they have had the following stolen:
- Source code for Cyberpunk 2077
- Source code for The Witcher 3
- Source code for Gwent
- An unreleased version of The Witcher 3
- Accounting Records
- Administration Records
- Legal Records
- HR Records
- Investor relations documents
And it sounds like even more.
The source code is one thing but those records could be a massive issue for their employees. There could be life ruining information in those. People who work there are already getting death threats, and now potentially their HR information is exposed which could contain their address? If it comes to light that CDPR was not properly storing this information, especially if it constitutes PII, they could find themselves dealing with a massive GDPR violation.
What an absolute nightmare. I really hope that CDPR workers don’t end up getting doxxed by this. While I’d love to see a company taken down by exposure of shifty internal practices (assuming these exist), there’s no way I want to see ordinary people put in jeopardy like this.
This is probably going to happen more and more going forward. There’s just too much of value that can be obtained by overcoming digital security, and too many ways to do just that.
I keep reading the ransom note, and I keep getting utterly flabbergasted that a hacker in 2021 can infiltrate and expose CD Projekt Red’s company secrets, and then have the audacity to post ‘you have been EPICALLY PWNED!!!’ in said ransom note.
I feel like I do not understand internet culture at all anymore.
I was surprised how generally not terrible the ransom note was. Minimal slang, only a few curses. Real pros
Imagine getting out of the hellscape of CD Projekt and then them still fucking you years later.