CDPR hit with Cyberattack, source codes of Cyberpunk 2077, The Witcher 3, and more supposedly leaked.

[leadeater]

1 hour ago, StDragon said:

You're assuming that's the motive; I don't see proof of that.

Neither do I see proof, however it's a lot easier to say your own actions were not a factor if you hadn't recently done something that certainly did annoy a large number of people. However they might not have been motivated by anger due to the release state of the game but the release state of the game brought rise to the publicity of the company.

 

And the number one most effective way to make this type of situation (huge negative PR) not happen is to ensure you are releasing a quality product.

 

1 hour ago, StDragon said:

This look like a standard opportunistic high profile case of a ransomware attack. Meaning, it would have happened regardless of the bad PR.

Like I've already said that may or may not be the case however as far as I see the attention the company has recently received has made someone choose them and go looking sooner than later. They could have been breached at any time, maybe depending on how, but it was done now while people are thinking about them and talking about them.

[gloop]

17 minutes ago, GravityHurts said:

Ok I know this is stupid, but what is the difference between the game that you download and the source code? I know that all cdpr games are drm free so does that not mean that we already have access to the source code of the Witcher 3 and Cyberpunk 2077?

In basic terms, when you compile code, it gets turned into machine jumble for the computer to run. That's what you get when you download the game, along with the other assets. It's nearly impossible to reverse-engineer the machine compiled code to get what it was before it was compiled (ie the source code).

[Dedayog]

22 minutes ago, WereCat said:

Uh... ok? I'm not from US and I know nothing of US politics. If you think the US is the only nation in the world that has broken politics and weird things are happening then you need to come out of your shell. But this is not a place to discuss politics nor am I interested in doing so.

 

And yes, it was a total disregard for what happened because companies are getting "hacked" every day left and right. It's really nothing new. Nintendo having stolen code for the Switch was much more significant than this (if I am to give an example from recent memory).

No.

 

Nope, didn't want to talk politics, it was a reference only to refute your "we all agree" comment.  I'm well aware other countries have issues, not a part of this thread tho.

 

Total disregard because it happens a lot, isn't okay.  The Switch issue isn't, this isn't, any hacking and/or ransomeware isn't.  Ain't good that we're growing numb to it.

 

Eh, not going to change opinions either way.  Hope they get things fixed and they catch who did it, but they won't.  Might be the last straw for CDPR.  

[Middcore]

It's sad to see so many here, including mods who I would expect to have a more level-headed and mature perspective on things, celebrating this or implying it was somehow just or deserved. CDPR being the victims of a crime, which was probably just an act of some would-be thief trying to use discontent over Cyberpunk as cover, isn't going to make Cyberpunk or any future games any better.

 

The most tangible immediate impact of this is probably going to be making make more rank-and-file devs at CDPR who set out with passion to make a great game consider leaving this cesspool of an industry. They worked for years, at least part of it under brutal crunch conditions, got death threats when the game was delayed, tried to convince the suits that the game wasn't ready even though they knew it would make them the targets of even more hate, got sold out by the suits to appease the investors so they got hate for releasing an unfinished game anyway, and now their work has been stolen while the internet cheers on the thieves.

 

And BTW, since RDR2 comes up as a comparison to Cyberpunk all the time for reasons I still don't understand: RDR2 is pretty and has a good story, but the minute-to-minute gameplay is boring as shit most of the time. 

[leadeater]

11 minutes ago, Middcore said:

It's sad to see so many here, including mods who I would expect to have a more level-headed and mature perspective on things, celebrating this or implying it was somehow just or deserved

If you think that I've said or think they deserved this then you haven't been reading my comments. Like it or not I stand by my first comment, there is absolutely something to be learned from here and that has nothing at all to do with if they deserved it, I celebrating it, or that it was just or not.

 

It's really not an outrageous concept to say releasing a bad quality product knowingly is a bad idea and now that something may or may not have happened due to that that those involved in those decisions or had influence over them should consider putting a higher value over the quality of the product. Just because something bad happened doesn't mean there is nothing to learn from it and neither is it immoral to point it out.

 

Release quality of games has only gotten more troublesome over time, and I will also acknowledge the complexity of them too, but post release updates is a far too used and relied on crutch that is not a good thing.

[HenrySalayne]

5 hours ago, leadeater said:

Well at least maybe it'll teach a lesson to Producers, Board Members and Investors; Finish the development correctly and don't release garbage and piss people off. Someone somewhere might just act upon their anger.

I strongly disagree with your comment.

You don't have to buy a game, you certainly don't have to pre-order a game and if it turns out to be disappointing, so be it. But it surely cannot justify or even trivialize an attack like this.

The only lesson to be learned here is to never try something challenging and uncertain in the first place. Or at least make sure it will never be released (Star Citizen). People will never be satisfied. On the other hand, releasing basically the same game with minimal changes periodically is a safe bet (Fifa, CoD).

 

[leadeater]

2 minutes ago, HenrySalayne said:

You don't have to buy a game, you certainly don't have to pre-order a game and if it turns out to be disappointing, so be it.

I haven't and for the time being won't be, neither do I generally pre-order either.

 

3 minutes ago, HenrySalayne said:

The only lesson to be learned here is to never try something challenging and uncertain in the first place. Or at least make sure it will never be released (Star Citizen).

There were many times where they could have chosen to change development focuses, the quality of the PC and new generation consoles weren't too terrible, not compared to previous gen consoles. Had they been willing to acknowledge that they couldn't also do the previous generations consoles either at all or at the same time then more resources could have been used towards the release to platforms that actually were more ready and capable. This is something CDPR has themselves commented on, they said that the release quality of the previous generation consoles versions was not up to standards and apologized for it.

 

There are many things CDPR could have done, what they choose to do certainly did not result in the release of a high quality product and even resulted in them having to apologize for it. https://www.businessinsider.com.au/cyberpunk-2077-developer-apologizes-to-players-2021-1?r=US&IR=T

 

You cannot tell me that CDPR didn't know about the issues as that is highly unrealistic. Just remember I'm commenting with hindsight, but if they had pushed back the release of the PS4/Xbox versions by a few months and had done so at an early enough time frame I would expect that this would have allowed more resources to go towards fewer platforms resulting in a better outcome for those.

 

And I very much doubt ambition or striving for a challenge had anything at all to do with releasing the game on the previous generation consoles, more rather it had to do with having a larger market base.

 

21 minutes ago, HenrySalayne said:

But it surely cannot justify or even trivialize an attack like this.

Did I trivialize it? Hmm maybe/probably, certainly not justifying it. Really do think you're over-reacting to my comment though, it really is more of a flippant comment which is why I can agree with trivialize but I 100% do believe CDPR knowingly released a bad quality bug ridden game and that is unacceptable.

[cj09beira]

32 minutes ago, leadeater said:

If you think that I've said or think they deserved this then you haven't been reading my comments. Like it or not I stand by my first comment, there is absolutely something to be learned from here and that has nothing at all to do with if they deserved it, I celebrating it, or that it was just or not.

 

It's really not an outrageous concept to say releasing a bad quality product knowingly is a bad idea and now that something may or may not have happened due to that that those involved in those decisions or had influence over them should consider putting a higher value over the quality of the product. Just because something bad happened doesn't mean there is nothing to learn from it and neither is it immoral to point it out.

 

Release quality of games has only gotten more troublesome over time, and I will also acknowledge the complexity of them too, but post release updates is a far too used and relied on crutch that is not a good thing.

seems to me part of the issue was that they set the initial release date way too soon, and then with each delay people got more and more irritated, it was first supposed to launch early 2020, then summer then september-october, seems like bad management and bad marketing 

[ravenshrike]

6 hours ago, gloop said:

RDR2 had nowhere near this many bugs and glitches, and I'd say that it is as big and complex, if not bigger

No. Not only is player movement much, much, much, much slower and limited, but the population spawning is significantly less dense.

[Middcore]

In hindsight it's easy to say CDPR should have delayed the PS4/XB1 versions of the game, or dropped them altogether.

 

Of course, since the game was announced before those consoles launched, and some people had been waiting the entire lifespan of those consoles to play the game on those consoles, if they had cancelled those versions then there would have somewhat understandably been an outcry over that. Also, the PS4 and XB1 still have by far the biggest install base, dwarfing the PS5 and SeriesX/S and the whole PC gaming market, CDPR's investors would have gone apeshit if they had left those sales on the table. (Of course, some of those same investors are now suing CDPR for releasing the game unfinished.) They could have just delayed it, but with every month delayed the PS4 and XB1 become less relevant, and Cyberpunk could have ended up in a window where people who still only had PS4 and XB1 were unwilling to buy it because "I'll wait until I get a new console" but not enough people actually had new consoles yet to get the sales numbers the decision-makers wanted. Releasing when they did gave them the chance to be basically the last "major" release of the PS4/XB1's life cycle, and the CDPR execs and investors couldn't pass that up.

 

Another interesting hypothetical to consider is if they had been able to somehow release it only for the PS4 Pro and Xbox One X, since by most accounts the game ran much better on them compared to the base model consoles, or at least release the game with some sort of warning stating that was the case (sort of the way there were some 3DS games that carried a warning they were optimized for the refresh model, if I remember right?). But there was no precedent for that and Sony and Microsoft almost certainly wouldn't have allowed it because they've liked to maintain the fiction that every game runs perfectly fine on the base consoles and just runs better on the Pro and One X, although we all know there have certainly been other titles that were a shitshow on the base models as well. 

[Heliian]

The "hackers" lose my respect with their terrible spelling and grammar.

 

"EPICALLY" in all caps, are they 12 year olds?

 

Go ahead losers, leak the data to the "gaming journalists".  This is probably going to turn into a net positive for cdpr. 

[D13H4RD]

I think a lot of people here missed the point. 

 

They didn't hack the company because of Cyberpunk. It may be a contributing factor but that's pure speculation on my part. 

 

The point is that the company has a string of PR messes leading up to and post-launch, even for stuff not directly related to the game. This just adds to an already growing list of bad publicity the company would rather do without. While I would still wager that the company would've been hacked regardless, the string of bad publicity makes this more significant in a way. 

[Vishera]

5 hours ago, Delicieuxz said:

Let's tackle each and every one of their warnings:

Quote

DO NOT Modify, rename, copy or move any files or you can DAMAGE them and decryption will be impossible.

No problem,I will just clone the drive and set the clone as read only - problem solved.

Quote

DO NOT Use any third-party or public Decryption software, it also may DAMAGE files.

The solution i mentioned above solves this problem as well.

Quote

DO NOT Shutdown or Reset your system, it can DAMAGE files

Fine,I will just pull the power cord out.

The ransomware maybe programmed to do something after you hit the shutdown button in the operating system,but no program can run or make changes during a sudden power loss.

Another problem solved :D

 

Basically you can bypass each and every one of their stupid anti-tempering mechanisms.

[DildorTheDecent]

I wish these breaches would stop.

 

My hard drive is filling up fast with the amount of stuff getting leaked. I can only save so much.

[Middcore]

13 minutes ago, D13H4RD said:

I think a lot of people here missed the point. 

 

They didn't hack the company because of Cyberpunk. It may be a contributing factor but that's pure speculation on my part. 

 

The point is that the company has a string of PR messes leading up to and post-launch, even for stuff not directly related to the game. This just adds to an already growing list of bad publicity the company would rather do without. While I would still wager that the company would've been hacked regardless, the string of bad publicity makes this more significant in a way. 

 

This smacks of still further victim-blaming. I would agree it's publicity they would rather do without because I'm sure they would rather have not been hacked but the way you've phrased it makes it sound like they did something wrong that created a new "PR mess." 

 

I can see it now, next week some wacko firebombs CDPR's offices and then the internet will be like "Wow more bad publicity for them." 

[Orangeator]

Some humans are pieces of shit, frankly it angers me to read stories like this... This company has put a lot of effort into this game, yet disgruntled employees/consumers take it upon themselves to fuck with things that aren't theirs. Hope they find this douchebag and throw the book at him.

8 hours ago, flo_306 said:

and RDR2 has a ~50km² map size vs ~35km² for Cyberpunk.

This metric is a little misleading. Certain portions of the Cyberpunk map, particularly the city itself, have multiple overlapping sections where the same "geographical point" can have multiple "levels", if that makes sense.

[Vishera]

4 hours ago, GravityHurts said:

Ok I know this is stupid, but what is the difference between the game that you download and the source code? I know that all cdpr games are drm free so does that not mean that we already have access to the source code of the Witcher 3 and Cyberpunk 2077?

As a developer there is not much i can do with a compiled game,but with the source code i can technically do whatever i want.

[Leviathan-]

This sucks for their IT Team. I'm really curious after they're done with the forensics how the heck they got into their system and obtained administrator/root level access. I sure hope it wasn't a weak password that compromised them. 

[wanderingfool2]

19 minutes ago, Leviathan- said:

This sucks for their IT Team. I'm really curious after they're done with the forensics how the heck they got into their system and obtained administrator/root level access. I sure hope it wasn't a weak password that compromised them. 

Wouldn't be surprised if it was just one person opening a bad file.  Mix that with maybe an unpatched server, or a keylogger to get other credentials and there you have it (after all, it wasn't a full on breach by the sounds of it).

[Fnige]

4 hours ago, DildorTheDecent said:

I wish these breaches would stop.

 

My hard drive is filling up fast with the amount of stuff getting leaked. I can only save so much.

[Arika]

8 hours ago, Dedayog said:

CDPR now to fix the issue, us to pay more for games due to increased cost to produce (of which security is a part), etc.  

If CDPR increase the price of their games because of this, then that makes them even worse. you don't offload the cost of upgrading internal security onto your customers. It would be an incredibility scummy move.

[StDragon]

24 minutes ago, Arika S said:

If CDPR increase the price of their games because of this, then that makes them even worse. you don't offload the cost of upgrading internal security onto your customers. It would be an incredibility scummy move.

CDPR already stated they wouldn't pay the ransom.

 

Most likely their IT staff is salaried, so it's a sunk cost in labor regardless. The real loss is downtime. Though some backup programs will let you boot a VM from backup temporarily while you're in the mode of data and VM restoration. So depending on the scope of this, it's possible they won't incur much of an added expense.

[Thaldor]

13 hours ago, Master Disaster said:

You have to wonder how they didn't notice hundreds of TB of data being pulled out of their private network.

Need to add what @leadeatersaid that CDP probably uses servers they already own, as in GOG servers. That means they have huge amounts of outbound traffic from the servers constantly. Not to even add the currently probably huge amount of off-site workers and their traffic to the servers. Like even when GOG hasn't even half of what Steam has, it's still a lot of traffic 24/7 at their servers and even 100s of TBs (most likely we talk only about 10s to 100s of GBs worth of data, PDFs and text files ain't that big and the source codes are just fractions of the size of the games, most of the size of a game comes from assets like models, textures and sounds) would disappear in it like a fart to a desert.

[PlayStation 2]

Guess you can say they got  cyberpunked

...oh, you mean there was already a flamewar between two eggheads about badly executed jokes? Okay.

[leadeater]

2 hours ago, Arika S said:

If CDPR increase the price of their games because of this, then that makes them even worse. you don't offload the cost of upgrading internal security onto your customers. It would be an incredibility scummy move.

Well somebody has to bare the cost and their revenue comes from sales of games so we'll inevitably pay for something like that. It may not be increased price of games but in the form of extended development times between games, more DLC for existing games rather than new games. If they have to outlay a significant amount of capital to remedy a security problem then that cost has to be recouped.

 

1 hour ago, StDragon said:

 

Most likely their IT staff is salaried, so it's a sunk cost in labor regardless. The real loss is downtime. Though some backup programs will let you boot a VM from backup temporarily while you're in the mode of data and VM restoration. So depending on the scope of this, it's possible they won't incur much of an added expense.

 Main problem I expect them to be facing it known when to restore to and if the recovery points themselves contain compromised software that would allow them access back in and to do even more malicious damage than what has been done already. That's happened to companies before and it's an utter disaster when it happens as they forgo encrypting data and do straight to destruction and damage and then  try and target things like the backup infrastructure.

 

Integrity of the backups becomes a real problem under these situations.