It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Stole the source code for CP2077? WHAT A HEIST... Not like it was in great hands with Bethes, oops I mean CDPR anyway. Perhaps the hacker will fix it before he returns it to CD Projekt due to the embarrassment of figuring out what he actually stole.
avatar
Lord_Kane: Remember the CRA leak and hack? you know who got bitten by that? yup yours truly.
Sometimes, government is not better. They've been known to offsource their technology concerns to external companies and end up having to live with ill-conceived legacy systems for decades afterwards (which are at times somewhat secure not because they are well designed, but because they do weird sh*t that are pretty far from the recommended way of doing things). I can confirm that the minds behind many of those systems were not anywhere close to the top 10% or even 20% in the software industry.
Post edited February 09, 2021 by Magnitus
avatar
Lord_Kane: Remember the CRA leak and hack? you know who got bitten by that? yup yours truly.
avatar
Magnitus: Sometimes, government is not better. They've been known to offsource their technology concerns to external companies and end up having to live with ill-conceived legacy systems for decades afterwards (which are at times somewhat secure not because they are well designed, but because they do weird sh*t that are pretty far from the recommended way of doing things). I can confirm that the minds behind many of those systems were not anywhere close to the top 10% or even 20% in the software industry.
Oh I know the government is no better, and in some cases even worse then private companies, always be ready to tackle identity theft.
avatar
EnforcerSunWoo: Stole the source code for CP2077? WHAT A HEIST... Not like it was in great hands with Bethes, oops I mean CDPR anyway. Perhaps the hacker will fix it before he returns it to CD Projekt due to the embarrassment of figuring out what he actually stole.
How awesome would it be if they found something like that misplaced comma from Colonial Marines? :D
avatar
EnforcerSunWoo: Stole the source code for CP2077? WHAT A HEIST... Not like it was in great hands with Bethes, oops I mean CDPR anyway. Perhaps the hacker will fix it before he returns it to CD Projekt due to the embarrassment of figuring out what he actually stole.
avatar
Breja: How awesome would it be if they found something like that misplaced comma from Colonial Marines? :D
Not for their programmers. Be one hell of a misplaced comma for CP2077 though considering all the issues present.
F*ck!! That's some serious shit!!! Hope they caught the bastards!
high rated
Sad news.
While CDPR's IT infrastructure may not be commendable, I personally appreciate the company's quick announcement about the incident and the firm intention of not giving in to blackmailers' demands.
Terrible news for all of those affected.
low rated
avatar
Orkhepaj: kids waster their time on things like this, im so sad
who uses twitter btw? you should be ashamed

i still dont get how these servers get hacked , dont they only allow connections from local network only?:O
how hard is that to set up? you just need to limit the ip range and that's all is that a request to prove you wrong?
avatar
paladin181: Hahaha. Again, on subjects to which you are completely ignorant, stay quiet.
whats your problem? What ignorance are you talking about?

didnt they access the servers from outside ? looks like they did
how is that possible? oh wait cause bad security

I bet you are waaaaaaaaaaaaaaaaaaay more knowledgeable , so share us what you know.
avatar
Time4Tea: Uh oh! That's not good news. Password changed.

From what I read, it seems the attacker stole the source code to Witcher 3 and Cyberpunk as well.
avatar
Breja: Source code for Cyberpunk, eh? I'm making a note here: huge success. I guess maybe if he pays CDP they'll take it back. I wouldn't.
cp source code , all that 10 lines ?:O
Post edited February 09, 2021 by Orkhepaj
avatar
EnforcerSunWoo: Not for their programmers. Be one hell of a misplaced comma for CP2077 though considering all the issues present.
Definitely kudos to CDPR for making this public, and thanks for the heads up.

Apart from that: That dude mentions that he hacked into a CI-server. I would assume that server was unpatched and had a door open to the internet. Which wouldn't surprise me with most folks in home-office these days requiring remote access.

Yes, that kind of stuff shouldn't happen and yet it does - not just to CDPR. Other companies most certainly had the same thing happen to them, but just quietly restored the backups and never talked about it.

The attacker most certainly downloaded a few recent (or even not-so-recent) builds that were still cached and (allegedly) unreleased patches. Again: Meh! Source code is not a mythical resource that gives you special powers. Had he been able to modify sources of the Galaxy client, Gwent, or GOG server applications to perhaps introduce a backdoor, this would have been a whole different story, but this is apparently not the case.

He then encrypted all servers he could encrypt - and in doing so accidentally just told CDPR which system he could access and which he couldn't.

He also didn't mention e-mails or anything of importance, really, so I he likely didn't have those, else he would have surely bragged about it.

My bet is that he only had the CI server and maybe read-access to a public file server within the company, as the later would likely have had all the random documents he bragged about having. Most companies have some sort of badly secured, lazy network share which every employee and every other server typically has access to, where you shouldn't store anything important and that yet nobody usually bothers to clean up in any reasonable intervals.

I guess what people should take away from this is that the question is not wether a system "can" be hacked, but "when". The only data that is perfectly save is the data you never collected in the first place.
Post edited February 09, 2021 by Nervensaegen
I don't know why I laughed so much to that.

avatar
dr.schliemann: Sad news.
While CDPR's IT infrastructure may not be commendable, I personally appreciate the company's quick announcement about the incident and the firm intention of not giving in to blackmailers' demands.
Hope them the best to solve the problem as quick as possible. Depending on the size of the attack, a full recovery may take a while...

avatar
Nervensaegen: I guess what people should take away from this is that the question is not wether a system "can" be hacked, but "when". The only data that is perfectly save is the data you never collected in the first place.
That's true. Thing is: Who hacked or tried to hack GOG servers?

I remember playing a futuristic game a while ago where one of the characters stored all of his sensitive data on CDs and DVDs only, because those were harder to hack in that future.

While most people use cloud for storage, CDs, DVDs, external drivers, are 'harder' to steal, or hack, so they're a favorite to preserve small to medium size data imho. If take care of them well, that is. One scratch and all will be lost.

--edit:

"And your documents will be sent to our contacts in gaming journalism."

Am I blind or did this "black hat" just told CDPR who they are working for?
Post edited February 09, 2021 by D.Keys
Man, I see downvoters are out in force today. Just random trolls, or are CDP fanboys so out of their minds that making fun of Cyberpunk is more than they can handle? Hell, I even got downvoted just for saying I don't store any info on GOG and have my games backed up :D

I guess just about anything other than "O no, I hope to god my beloved CDP will be fine!" is enough to trigger some sad suckers these days.
low rated
avatar
D.Keys: I don't know why I laughed so much to that.

avatar
dr.schliemann: Sad news.
While CDPR's IT infrastructure may not be commendable, I personally appreciate the company's quick announcement about the incident and the firm intention of not giving in to blackmailers' demands.
avatar
D.Keys: Hope them the best to solve the problem as quick as possible. Depending on the size of the attack, a full recovery may take a while...

avatar
Nervensaegen: I guess what people should take away from this is that the question is not wether a system "can" be hacked, but "when". The only data that is perfectly save is the data you never collected in the first place.
avatar
D.Keys: That's true. Thing is: Who hacked or tried to hack GOG servers?

I remember playing a futuristic game a while ago where one of the characters stored all of his sensitive data on CDs and DVDs only, because those were harder to hack in that future.

While most people use cloud for storage, CDs, DVDs, external drivers, are 'harder' to steal, or hack, so they're a favorite to preserve small to medium size data imho. If take care of them well, that is. One scratch and all will be lost.

--edit:

"And your documents will be sent to our contacts in gaming journalism."

Am I blind or did this "black hat" just told CDPR who are they working for?
"our contacts in gaming journalism" means their favourite youtube grifter who spent the last two months making money by creating hatevideos about Cyberpunk and CDProjekt with scandalous clickbait titles to cash in on the toxic internet crowd that's not only going to click it but also share it wherever they go.
avatar
XYCat: "our contacts in gaming journalism" means their favourite youtube grifter who spent the last two months making money by creating hatevideos about Cyberpunk and CDProjekt with scandalous clickbait titles to cash in on the toxic internet crowd that's not only going to click it but also share it wherever they go.
Seems like it. Those people love some childish scandals.
Bunch of gossipmongers. Doesn't they understand that this doesn't help gaming at all?
avatar
Orkhepaj: I bet you are waaaaaaaaaaaaaaaaaaay more knowledgeable , so share us what you know.
It's quite simple to backdoor into some networks by riding on a program. Bonus points if they did it by exploiting the memory buffer overflow that CDPR tried to blame on modders. The the first rule of security is there is no way to stop anyone from getting in. If they want to, they will. If you bar your windows, they may bring a truck with a winch. If you build a wall, they can bring a bulldozer. The point is that there is zero chance of completely stopping someone who wants what you have badly enough. That goes with network security as well. The object of security is to make yourself a less desirable target. You do this through many ways, obfuscation (people don't know who you are or what you have) or obstacles (making getting your goods more trouble than it is worth). Rhere are many vulnerabilities to any network that connects to the internet at large. The only way to completely safeguard it is to never connect it to the world wide web.

So while I dont know how they got into this intranet specifically, I know a few.ways.they.coild have and I know of many more they may have used. Anything from getting malware on a PC to having a corrupted phone on the wifi or as mentioned before, the Cybetpunk buffer overflow if someone was experimenting on something indev with a malicious mod. Exactly how they got in isn't relevant. But that they could easily is not even a question. As to why they could? Probably because VDPR had their own in house IT team set up their net security and we've seen how CDP handles net.security and web coding with GOG.