CD Projekt Red hacked and threatened by an anonymous operator

CD Projekt Red have had a shocker of a time recently. Setting the wreckage of their 2020 on fire, they’ve been stung by a particularly shitty hack.

In an image posted to Twitter today, CD Prokekt Red acknowledged that they’ve been hacked, someone(s) had accessed the inner workings of their company, and that party is threatening a monumental info dump of privileged data.

The ransom note is a pretty gross read, from a start that claims CDPR has been “EPICALLY pwned” all the way through to threats about destroying their public reputation and investor trust. It’s a weird note, worth making your own way through.

Witcher 3 Open World CD Projekt Red

Particularly strange are the threats to tarnish an already damaged reputation, given it’s unlikely that there is too much more that could besmirch CDPR at this point. The demand for contact within 48 hours has been completely slapped back by CPDR, who seem happy enough to let whatever happens, happens. A pretty respectable response, but then again, we don’t know the full contents of the leak.

There’s complete potential this is just overblown hysteria around the gaming world’s biggest talking point of the past year, but there’s a few things that are certain. Firstly, that hacking l33t speak is lame. Secondly, I would hate to be working for CPDR right now.

Thirdly, perhaps most importantly, CPDR have confirmed that user and staff data is safe. It is game assets, including the entire source code for The Witcher 3: Wild Hunt, Cyberpunk 2077, and Gwent that are at greatest risk.

The full content of the ransom note reads:

“! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !  Hello CD PROJKET ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! !

Your have been EPICALLY pwned ! !

We have dumped FULL copies of the source codes from your Perforce server for Cyberpunk 2077, Witcher 3, Gwent and the unreleased version of Witcher 3 ! ! ! ! 

We have also dumped all of your documents relating to accounting, administration, legal, hr, investor relations and more!

Also, we have encrypted all of your servers, but we understand that you can most likely recover from backups.

If we will not come to an agreement, then your source codes will be sold or leaked online and your documents will be sent to our contacts in gaming journalism. Your public image will go down the shitter even more and people will see how shitty your company functions. Investors will lose trust in your company and the stock will dive even lower !

You have 48 hours to contact us.”