Data circulating online from the February hack of CD Projekt Red contains not just the source code for games like Cyberpunk 2077 and an unfinished The Witcher 3 build, but probably some of the personal details of employees and contractors, the company has now confirmed. An investigation is underway, aided not just by Polish police but multinational agencies like Interpol and Europol.
The attack has wreaked havoc on CDPR as a business, resulting both in its data being auctioned off on the black market and a weeks-long network remote work lockout as a method of preventing further intrusions. This delayed attempts to patch Cyberpunk 2077, since staff had already been working remotely because of the COVID-19 pandemic. The existence of personal information in the circulating data was only reported as a possibility - until now.
In an official Thursday statement, publisher CD Projekt outlined new knowledge about its fated ransomware incident, which is apparently more widespread than it initially confirmed. The developer notes that it's "working together with an extensive network of appropriate services, experts, and law enforcement agencies" to resolve the situation. No suspects have been publicly acknowledged, but the attacker did leave a ransom note, which (when combined with the subsequent CDPR source code auction) may suggest it was the work of professional criminals. Regarding employees sensitive personal information, part of the statement reads:
"We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games. Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach."
CDPR adds that it has taken steps to "secure and harden" its network, for instance redesigning its IT infrastructure, upgrading firewalls and event monitoring, and deploying a different remote access system. Other steps have been less technical. For instance, reducing the number of privileged accounts and access rights and expanding the size of its security department. Some of this is being accomplished with help from external specialists. There's likely little more damage that could be done, since any new games are probably years away. The rest of the developer's 2021 is going to be spent fixing Cyberpunk 2077 and delivering promised PS5 and Xbox Series X/S upgrades for that title and The Witcher 3.
Compounding CD Projekt Red's problems have been lawsuits over the launch state of Cyberpunk 2077 and weak first-quarter sales. Though the game did well at launch, sales dropped off sharply once its problems were well-known, and some buyers took advantage of a refund offer. The game is largely playable at the moment, but it's still blocked from the PlayStation Store and might not be available in a fully polished state until sometime in 2022.
Source: CD Projekt
from ScreenRant - Feed https://ift.tt/3wivtBo
0 Comments