Help, just got an email saying someone has a backdoor into my machine and if I dont give them 20million in unmarked bills they will install Cyberpunked2020. Can anyone lend me some money?

Does this mean someone might start making fixes ahead of CDPR?

On Twitter but not a word on GOG forum...shows how much they care (as we already know).

Because all bad or buggy games are bad or buggy because they were compiled from too few lines of code. ◔_◔
To be fair, GOG forums aren't a CDPR news blog.
If there are any security implications for the GOG side of things (and they may or may not even know yet if there are), I would hope they'll send out e-mails to all potentially affected customers. Announcing something like that in a forum that only a small fraction of your customers regularly visit probably wouldn't be particularly effective at getting the word out.

[Right shoulder, angel]: This is regrettable, damaging and wrong.

[Left shoulder, devil]: Investor relations documents you say?

almost no customers of GOG ever use this forum

i always wonders why critical data is stored on servers or anything remoted to internet!. only ask for trouble.
always have critical data on a remote drive (one that's not connected to internet) it's not like external SSD are that expensive and they comes within tera bytes

The hacker/s threatened to expose their data (*) if they dont pay. So either they pay or they have to annouce it right away as PR damage control.

(*) Source: https://tarnkappe.info/cd-projekt-red-spieleentwickler-wurde-opfer-eines-ransomware-angriffs/

According to my linked source CDP(?) says no user data was stolen.

The article says "Perforce servers" so it would have to be more than one. (Perforce is a version management software.)
Also: You cant encrypt servers if you only have read access.

The article talks about the "Perforce servers". This is not 'share' space.


If employees work at home (due to Corona, dont know if they actually do that at CDP) they must have their source codes accessible from the internet.

Good take.
I concur wholeheartedly with your last paragraph, and I would add that there have been many more incidents of this type and far more serious in nature in several sites. The difference is that they were not disclosed or even detected.

yea kind of a slight oversight from me... corona working at home..

I hope everyone is OK and don't see their lives affected by this, the problem with the hackers is that they affect the lives of the poor developers that only are doing their work... They dont deserve this kind of shit, no even CDPR, is their work and their are trying to do the best they can, even if they fuck it up, they do many things good for the industry and deserve the credit and respect for that... Always is easy to mark other peoples mistake and easily forget all the things they do right.

because the game is not even halfly done

To put it another way: This hack is causing butthurt in exactly the right crowd. *smugface.jpg*

Not if it is real 2fa, but GOG doesn't use that, only "2 step authentication". What they do (like the vast majority of online accounts) is fully tied to your email, with a few extra measures to make sure whoever is accessing you account has access to your email as well. The 2 step thing I suspect stores your IP address (or a small address range) and emails you before you can get access if you try to access from a different IP address (it doesn't use cookies like some sites do, which is nice for those of us who delete cookies on browser exit). The password reset I just did just in case also requries you to click a link sent to your email rather than allowing anyone already in the account to change the password. So be very careful with your email account :/.

I think GOG is fairly distinct organizationally from CDPR so I would guess CDPR doesn't have more access to GOG than any developer, but I could be wrong. Hopefully GOG will make a statement soon.

Since CDPR is obviously persuing an "any publicity is good publicity" route at this point they probably won't be hurt much if the code is publicly released and might benefit from extra publicity (as long as the comments aren't too embarassing). Also, the fact that they have recent backups puts them ahead of a huge number of companies in this situation.

https://www.theregister.com/2021/02/09/cd_projekt_red_hack/