Cyberpunk 2077 dev CD Projekt hack was apparently really bad

By JC Torres/June 11, 2021 1:03 am EST

It seems that CD Projekt RED, once the darling of "big" indie game developers, oxymoronic as that may sound, can't really catch a break. Loved for its The Witcher RPG series, the Polish game dev house has now become associated less favorably as a giant publisher, one that also happens to own the old Good Old Games or GOG. The disastrous launch of Cyberpunk 2077 may have been a terrible experience for many gamers but now even its own employees may be at risk after revealing that a massive data breach earlier this year may have actually been worse than they first thought.

The months leading up to that cybersecurity attack were very stressful ones for the company because of the much-delayed yet still terrible launch of Cyberpunk 2077. It's not that hard to imagine that the attack may have even been provoked by the rather intense sentiments that were aired over the Internet during those few months. The hackers may have even been disillusioned Cyberpunk 2077 players themselves.

The hackers claimed that, among other things, they were able to get hold of company data related to accounting, HR, and investors and demanded that CD Projekt pay its ransom. The game developer naturally refused to play that game and assured its customers that their information remains safe. The same cannot be said, however, of their own employees.

Four months after the incident, CD Projekt gives an update that isn't pleasant to hear. It now believes that the stolen data may have included "current/former employee and contractor details", all of which may already be circulating on the Dark Web. They also can't say for certain that the data hasn't been manipulated or tampered with.

While it assures the public that it has taken action to make sure it doesn't happen again, those words might not carry much weight for those that are already affected. CD Projekt promises to protect the privacy of its employees and will take action against those that will share the stolen data. Given the company's standing in the public, those, too, might not carry much weight as well.