Cyberpunk 2077 developer CD Projekt Red announced that it had been targeted by a ransomware attack earlier today. While the company reassures fans that their user account data remains secure, the hackers claim to possess the source code for several of its high-profile games.
CD Projekt Red so far refuses to negotiate with the hacker, who threatens to release the data online. Now, digital privacy expert Ray Walsh believes the hack may have been an inside job. He also warns that refusing to comply may be a hazardous move for CDPR.
Walsh, who works with online privacy research group ProPrivacy, outlined his concerns in a statement shared with Nintendo Life. The hackers claim to have copies of the source code for Cyberpunk 2077 and an unreleased version of The Witcher 3. If true, this data would be enormously useful to online pirates. To quote Walsh, “If the game code is released online, this would permit cracked versions of their games to proliferate online for free, as a result of which the studio could find themselves hemorrhaging profit.” And the internet being the internet, there is virtually nothing CD Projekt Red can do to contain the data once released online.
Walsh suspects this could have been an inside job. After all, a CDPR developer would have easy access to Cyberpunk and The Witcher 3’s source code. He further argues that CD Projekt staff would have a motive as well as opportunity. He cites the negative media reaction to Cyberpunk 2077 and CDPR’s reported blaming of developers as reasons someone might want to get back at the company. The alleged mismanagement and poor working conditions at CD Projekt Red also explain why some developers might have an ax to grind.
Of course, while Walsh describes an inside job as “plausible,” he is careful to avoid jumping to conclusions. CDPR reported the breach to Poland’s Personal Data Protection Office, which is investigating the hack. It may be some time before the investigation bears fruit, and Walsh encourages everyone to be patient.
However, patience is not the same thing as complacency. Walsh stresses the importance of remaining vigilant for security risks. “Consumers will need to watch this incident closely to be sure that no personal data was affected that could be leveraged for phishing or ID fraud, for example.” That’s excellent advice considering the recent security concerns regarding mods for Cyberpunk 2077.
And CD Project Red is not the only company to suffer a significant breach in recent months. In November, legendary gaming giant Capcom was the target of a major ransomware attack. In addition to information on upcoming games, the attackers stole several thousand Capcom employees’ personal data. These breaches are a sobering reminder of what every digital security expert already knows: no network is ever truly secure.
Cyberpunk 2077 is available for PC, PS4, Stadia, and Xbox One, with planned PS5 and Xbox Series X/S upgrades.
Source: Nintendo Life