CD Projekt
Image: CD Projekt

Earlier today, Cyberpunk 2077 and The Witcher 3 developer CD Projekt Red revealed that it had become the target of a ransomware attack. The studio posted the news online, publicly sharing a ransom note said to be left by a hacker which claimed that the source code for some of its top games had been stolen, alongside a warning that they'd leak unreleased content if they and CD Projekt couldn't come to "an agreement."

CD Projekt has said that it "will not give in to the demands" and has already approached relevant authorities. It has also reassured fans that personal data of players doesn't seem to have been compromised.

Now, in a statement shared with Nintendo Life, ProPrivacy Digital Privacy Expert Ray Walsh says that CD Projekt "runs a real risk that those games will be leaked online."

"It will be interesting to see how CD Projekt Red deals with this ransom attack moving forward, and whether it goes back on its initial statement and eventually does decide to pay the hackers to protect the code for Cyberpunk and a forthcoming version of The Witcher 3.

"If game code was stolen, they run a real risk that those games will be leaked online – whether they pay or not. If the game code is released online, this would permit cracked versions of their games to proliferate online for free, as a result of which the studio could find themselves haemorrhaging profit."

Speculation surrounding the server hack has already started to circulate online, and while it is just that – speculation – Walsh goes on to suggest that the possibility of the attack being an inside job is "plausible".

"The possibility of an inside job is of course plausible. The bad press caused by the early release of Cyberpunk 2077 in a buggy state, as well as reports that CD Projekt Red blamed its developers for the issues, could well have left a bad taste in somebody's mouth.

"We will now have to wait and see exactly what forensic analysis reveals about this hack so that CD Projekt Red can ascertain exactly what data was affected and what exactly might potentially be at risk.

"The good news is that initial reports appear to show that no consumer-related data was lifted. However, consumers will need to watch this incident closely to be sure that no personal data was affected that could be leveraged for phishing or ID fraud, for example."

CD Projekt's official statement can be read here.