It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
high rated
Help, just got an email saying someone has a backdoor into my machine and if I dont give them 20million in unmarked bills they will install Cyberpunked2020. Can anyone lend me some money?
Does this mean someone might start making fixes ahead of CDPR?
high rated
avatar
dr.schliemann: Sad news.
While CDPR's IT infrastructure may not be commendable, I personally appreciate the company's quick announcement about the incident and the firm intention of not giving in to blackmailers' demands.
On Twitter but not a word on GOG forum...shows how much they care (as we already know).
avatar
Breja: Source code for Cyberpunk, eh? I'm making a note here: huge success. I guess maybe if he pays CDP they'll take it back. I wouldn't.
avatar
Orkhepaj: cp source code , all that 10 lines ?:O
Because all bad or buggy games are bad or buggy because they were compiled from too few lines of code. ◔_◔
avatar
dr.schliemann: Sad news.
While CDPR's IT infrastructure may not be commendable, I personally appreciate the company's quick announcement about the incident and the firm intention of not giving in to blackmailers' demands.
avatar
Dogmaus: On Twitter but not a word on GOG forum...shows how much they care (as we already know).
To be fair, GOG forums aren't a CDPR news blog.
If there are any security implications for the GOG side of things (and they may or may not even know yet if there are), I would hope they'll send out e-mails to all potentially affected customers. Announcing something like that in a forum that only a small fraction of your customers regularly visit probably wouldn't be particularly effective at getting the word out.
Post edited February 09, 2021 by HunchBluntley
[Right shoulder, angel]: This is regrettable, damaging and wrong.

[Left shoulder, devil]: Investor relations documents you say?
low rated
avatar
dr.schliemann: Sad news.
While CDPR's IT infrastructure may not be commendable, I personally appreciate the company's quick announcement about the incident and the firm intention of not giving in to blackmailers' demands.
avatar
Dogmaus: On Twitter but not a word on GOG forum...shows how much they care (as we already know).
almost no customers of GOG ever use this forum
i always wonders why critical data is stored on servers or anything remoted to internet!. only ask for trouble.
always have critical data on a remote drive (one that's not connected to internet) it's not like external SSD are that expensive and they comes within tera bytes
avatar
EnforcerSunWoo: Not for their programmers. Be one hell of a misplaced comma for CP2077 though considering all the issues present.
avatar
Nervensaegen: Definitely kudos to CDPR for making this public, and thanks for the heads up.
The hacker/s threatened to expose their data (*) if they dont pay. So either they pay or they have to annouce it right away as PR damage control.

(*) Source: https://tarnkappe.info/cd-projekt-red-spieleentwickler-wurde-opfer-eines-ransomware-angriffs/

avatar
Nervensaegen: He also didn't mention e-mails or anything of importance, really, so I he likely didn't have those, else he would have surely bragged about it.
According to my linked source CDP(?) says no user data was stolen.

avatar
Nervensaegen: My bet is that he only had the CI server and maybe read-access to a public file server within the company, as the later would likely have had all the random documents he bragged about having.
The article says "Perforce servers" so it would have to be more than one. (Perforce is a version management software.)
Also: You cant encrypt servers if you only have read access.

avatar
Nervensaegen: Most companies have some sort of badly secured, lazy network share which every employee and every other server typically has access to, where you shouldn't store anything important and that yet nobody usually bothers to clean up in any reasonable intervals.
The article talks about the "Perforce servers". This is not 'share' space.


avatar
Abishia: i always wonders why critical data is stored on servers or anything remoted to internet!. only ask for trouble.
always have critical data on a remote drive (one that's not connected to internet) it's not like external SSD are that expensive and they comes within tera bytes
If employees work at home (due to Corona, dont know if they actually do that at CDP) they must have their source codes accessible from the internet.
Post edited February 09, 2021 by Zrevnur
avatar
Abishia: i always wonders why critical data is stored on servers or anything remoted to internet!. only ask for trouble.
always have critical data on a remote drive (one that's not connected to internet) it's not like external SSD are that expensive and they comes within tera bytes
Not as easy as you think, particularly these days when most of the world is having to work remotely. Pretty much every company will have data accessible if you hack their systems; if you have it only available locally, then everyone has to go into the office and plug in. Before 2020, that would have been fine. Now, less so.
avatar
Nervensaegen: Definitely kudos to CDPR for making this public, and thanks for the heads up.

[...]

I guess what people should take away from this is that the question is not wether a system "can" be hacked, but "when". The only data that is perfectly save is the data you never collected in the first place.
Good take.
I concur wholeheartedly with your last paragraph, and I would add that there have been many more incidents of this type and far more serious in nature in several sites. The difference is that they were not disclosed or even detected.
Post edited February 09, 2021 by thegreyshadow
avatar
Abishia: i always wonders why critical data is stored on servers or anything remoted to internet!. only ask for trouble.
always have critical data on a remote drive (one that's not connected to internet) it's not like external SSD are that expensive and they comes within tera bytes
avatar
pds41: Not as easy as you think, particularly these days when most of the world is having to work remotely. Pretty much every company will have data accessible if you hack their systems; if you have it only available locally, then everyone has to go into the office and plug in. Before 2020, that would have been fine. Now, less so.
yea kind of a slight oversight from me... corona working at home..
I hope everyone is OK and don't see their lives affected by this, the problem with the hackers is that they affect the lives of the poor developers that only are doing their work... They dont deserve this kind of shit, no even CDPR, is their work and their are trying to do the best they can, even if they fuck it up, they do many things good for the industry and deserve the credit and respect for that... Always is easy to mark other peoples mistake and easily forget all the things they do right.
avatar
Orkhepaj: cp source code , all that 10 lines ?:O
avatar
HunchBluntley: Because all bad or buggy games are bad or buggy because they were compiled from too few lines of code. ◔_◔
avatar
Dogmaus: On Twitter but not a word on GOG forum...shows how much they care (as we already know).
avatar
HunchBluntley: To be fair, GOG forums aren't a CDPR news blog.
If there are any security implications for the GOG side of things (and they may or may not even know yet if there are), I would hope they'll send out e-mails to all potentially affected customers. Announcing something like that in a forum that only a small fraction of your customers regularly visit probably wouldn't be particularly effective at getting the word out.
because the game is not even halfly done
avatar
Breja: Man, I see downvoters are out in force today. Just random trolls, or are CDP fanboys so out of their minds that making fun of Cyberpunk is more than they can handle? Hell, I even got downvoted just for saying I don't store any info on GOG and have my games backed up :D
To put it another way: This hack is causing butthurt in exactly the right crowd. *smugface.jpg*
avatar
§pectre: Doesn't 2fa mean when they hack the email account they get access to everything instead?
Not if it is real 2fa, but GOG doesn't use that, only "2 step authentication". What they do (like the vast majority of online accounts) is fully tied to your email, with a few extra measures to make sure whoever is accessing you account has access to your email as well. The 2 step thing I suspect stores your IP address (or a small address range) and emails you before you can get access if you try to access from a different IP address (it doesn't use cookies like some sites do, which is nice for those of us who delete cookies on browser exit). The password reset I just did just in case also requries you to click a link sent to your email rather than allowing anyone already in the account to change the password. So be very careful with your email account :/.

I think GOG is fairly distinct organizationally from CDPR so I would guess CDPR doesn't have more access to GOG than any developer, but I could be wrong. Hopefully GOG will make a statement soon.

Since CDPR is obviously persuing an "any publicity is good publicity" route at this point they probably won't be hurt much if the code is publicly released and might benefit from extra publicity (as long as the comments aren't too embarassing). Also, the fact that they have recent backups puts them ahead of a huge number of companies in this situation.

https://www.theregister.com/2021/02/09/cd_projekt_red_hack/
Post edited February 09, 2021 by joveian