-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
-
We have made minor adjustments to how the search bar works on ResetEra. You can read about the changes here.
CDPR Hacked, Some Internal Systems Compromised as Hacker Leaves Ransom Note
- Thread starter Alexzan
- Start date
Official Staff Communication
Attacks like these often put innocent employees at risk of doxxing and harassment by trolls and the worst parts of the internet. While you may not feel sympathy for the company's management, keep in mind the large number of largely innocent people who are now at risk. Any posts that could be seen as supporting doxxing or targeted harassment will be actioned severely.
Last edited:
These actions are gross not only because they could target innocent employees, but first and foremost because they're illegal. You can't fight fire with fire, if this is their way to "make justice", these guys are backwards.
The Woods hopefully that's retroactively applied to the closed thread.
The topic at hand: incredibly shitty for all the HR files and worker info that's included in those, don't care about the ceo's and people on top who might end up looking bad but I also don't think it's great to herald this as some great win.
The topic at hand: incredibly shitty for all the HR files and worker info that's included in those, don't care about the ceo's and people on top who might end up looking bad but I also don't think it's great to herald this as some great win.
As someone who has had detaailed personal data leaked in the past in a ransomware attack - there is nothing to celebrate here. This isn't a Robin Hood taking the rich down a peg to give to the needy situation, this is an individual (or group of) opportunistic hacker(s) holding innocent peoples personal data hostage to line their pockets - no matter how shite of a company CDPR are, the only ones this is going to potentially do significant damage to are the employees. CDPR as a corporate entity will recover from basically any stock hit that will come out of this, and as much as source code leaks suck - at least that's not endangering peoples livelihood (at least as far corporate source code leaks go) like a lot of the data in the Admin/Legal and HR dumps can.
Thanks for this by the way - as someone currently doing their cybersecurity degree and studying the effects that cybercrime and leaks can have on individuals - that previous thread made me viscerally uncomfortable.
Thanks for this by the way - as someone currently doing their cybersecurity degree and studying the effects that cybercrime and leaks can have on individuals - that previous thread made me viscerally uncomfortable.
Last edited:
I don't have a lot to say except that the reactions on Twitter / Former thread is embarrassing at best. And this entire hack is embarrassing, "Epically pwned", I could throw up.
Yes, the management of CDPR fucking sucks. But at the end of the day, all I give a fuck about is the developers that have gone through hell and back, and now they get affected even more for working under bad management. Sad, disgusting, and embarrassing all around.
Yes, the management of CDPR fucking sucks. But at the end of the day, all I give a fuck about is the developers that have gone through hell and back, and now they get affected even more for working under bad management. Sad, disgusting, and embarrassing all around.
Maybe they are stuck in a 2004 era time loop? Using notepad to write a ransom note is an interesting choice aswell
So at this point the Devs just gotta hope that no one commits identity theft with their stolen info. Stuff like bank accounts, social security numbers, work visas etc would probably be in the data dump.
Fucking hell.
Fucking hell.
This such a disgusting thing to do. I hope they get found and arrested. As if the events of crunch and threats for CDPR employees hasn't been bad enough they now have this? I worry for their mental health.
What a bunch of wankers.
What a bunch of wankers.
This type of news seems to become more common in the industry. Video game company need to get better at basic security, given the increasing social relevance of the medium, they make for pretty big targets to basically any hacker out there.
I doubt this has been some clever attack by someone obtaining 0-days or whatever. Given the language it's probably some script kiddies who managed to get someone within CD Projekt to open email attachments.
I doubt this has been some clever attack by someone obtaining 0-days or whatever. Given the language it's probably some script kiddies who managed to get someone within CD Projekt to open email attachments.
I don't see how any company could pay the ransoms, if it's something physical you get back in the ransom they have to steal (or kidnap) again to screw you again. With data how could you trust the people who just broke into your network/servers to delete the data, not ransom you again in a month or just release the data for fun. Capcom never paid did they?
I largely refrained from the Cyberpunk/CD Projekt Red topics this year.
Collectively the games they've made over the years have been a large part of my life and this is absolutely shattering to hear.
Hope those affected are looked after as much as possible.
EDIT: I had to go look at 'the other thread' for a second.
Don't tell me the vast majority of people here wouldn't say such malicious things about some other game dev companies because they know they can get away it.
Collectively the games they've made over the years have been a large part of my life and this is absolutely shattering to hear.
Hope those affected are looked after as much as possible.
EDIT: I had to go look at 'the other thread' for a second.
Don't tell me the vast majority of people here wouldn't say such malicious things about some other game dev companies because they know they can get away it.
I'd say less than 1%. Ransomware is increadably common, and this ransom-to-leak variant is increasingly popular. Judging by the provided note, I'm guessing that this is probably a script kiddie using a randsomware-as-a-service platform (but that's very much a guess).
What a shit show the last thread was.
Thoughts go out to the developers, is all you can do really. And I hope CDP looks after everybody effected. Can only hope the hackers didn't get anything too compromising since I doubt these are empty threats. But even if CDP paid some ransom, can't trust people like this to not make backups and shit like that. Fucking cunts.
Thoughts go out to the developers, is all you can do really. And I hope CDP looks after everybody effected. Can only hope the hackers didn't get anything too compromising since I doubt these are empty threats. But even if CDP paid some ransom, can't trust people like this to not make backups and shit like that. Fucking cunts.
The companies/organisations that do have an incentive to not talk about it.
^^^^ This - ransomware attacks, including large scale ones, are not at all uncommon, and it's not uncommon for the ransom to be paid out with the public never hearing a peep about it.
True, if you give people access to your internal servers, then every single laptop becomes a possible security hole.
My point was that these types of attacks are often not some insanely clever hackers with near state actor levels of sophistication, but just due to someone clicking on "real_invoice.pdf.exe" without thinking.
Goddamn first they got screwed by the management over Cyberpunk release and now this, the employees couldn't catch a break.
Ransom note reads like something you'd get on Xbox live back in the day for random trash talking.
I hope Everyone's sensitive information stay secure. This is bad for everyone.
I hope Everyone's sensitive information stay secure. This is bad for everyone.
Did the replies get deleted?
*edit* oh the other thread got closed. Reposting my reply,
Anyway these big gaming companies really need to amp up their cyber security.
*edit* oh the other thread got closed. Reposting my reply,
Anyway these big gaming companies really need to amp up their cyber security.
It wouldn't surprise me if it was phishing. I have some basic knowledge about cyber-security and the easiest way to access a system is through social engineering, not fancy algoritms or machines.
Was it some sort of pre adolescent person that hacked them? That ransom note is horrendously written and espite Cyberpunk's current condition I hope that people are more mature about their opinion on this after what happened to Nintendo and Capcom.
I know they released a broken unfinished product based on lies, but it's still weird to go on twitter and see people cheer for this and say that CDPR deserved it.
It's completely understandable to be mad at them for CP2077, but come on now. This isn't the way to "get back at them".
Hopefully they manage to sort this out.
It's completely understandable to be mad at them for CP2077, but come on now. This isn't the way to "get back at them".
Hopefully they manage to sort this out.
I doubt they are being paid as professionals, I don't see reason for this to be state sponsored or corporate espionage.
The writing is likely part of the performance as a black hat actor. Don't take it as evidence of their skill, experience or age.
Leetspeak (and simplified derivatives of it) is still well and truly alive in hacking communities, at all levels from white hats with decades of experience to brand-new script kiddies. I've always found it a bit silly personally but *shrug*.
As I said already, I hope that with the immediacy they came forward with helps protect the employees.
And the speed they responded to this with is the same speed every other company should move at. Go public and share the note. If the hackers do release and do damage, it's always going to be less than what it would've been had we found out days or weeks after the fact.
Notify employees first, of course.
And the speed they responded to this with is the same speed every other company should move at. Go public and share the note. If the hackers do release and do damage, it's always going to be less than what it would've been had we found out days or weeks after the fact.
Notify employees first, of course.
Oh absolutely. Even with tech literate people, a lapse in attention at times is enough to misread stuff and click anyway.