CD PROJEKT RED Suffers Ransomware Attack

It has not been a good couple of months for the folks over at CD PROJEKT RED. The game developer often praised for its critically acclaimed The Witcher 3 effectively saw all of its brownie points vanish with the release of a highly anticipated title late last year. Cyberpunk 2077, with all its hype dating back to its first trailer in 2013, was largely considered an unfinished mess upon release last December. It was labeled virtually unplayable on last-gen consoles, forcing Sony to pull the game from its digital store. Plenty of other retailers caved on their oft-bulletproof return policies to offer dissatisfied gamers refunds. 

Fast-forward to present day, and the game developer may be dealing with even bigger problems. CDPR released a statement earlier this month disclosing that it had been the victim of a cyber attack and was being held at ransom. 

“An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT RED capital group, and left a ransom note the content of which we release to the public,” the company wrote. “Although some devices in our network have been encrypted, our backups remain intact. We have already secured our IT infrastructure and begun restoring the data.” 

Worse yet, it appears that data breach includes the source code for Cyberpunk 2077… which has reportedly been sold at auction after CDPR refused to give into ransom demands. There’s no word on exactly how much the code sold for, although cybersecurity firm Kela notes that the bidding was set to start at $1 million with a “buy it now” option sitting at a cool $7 million. 

Perhaps the new owners of the source code can get around to finishing the game. 

Google VPN Coming to iOS

More than two years removed from first announcing the beta in November 2018, Google’s VPN service is finally coming to iOS. The company announced earlier this month that its privacy tool will be available for iPhones this spring. 

Google’s VPN protection is designed to help protect users who may frequently use public WiFi, or apps that don’t encrypt user data. Inputting payment information on apps that don’t encrypt data could make that information susceptible to interception during transit. The VPN connection will also prevent websites from using your IP address to track your location. 

Google Fi is available in two plans: Flexible and Unlimited. The Flexible plan will run you $20 per month, plus an additional $10 for each gig of data. “Unlimited,” meanwhile, is $70 per month, with throttling kicking in at 22 GB. You’ll get additional storage and international calling benefits with the latter. 

If you’re fantasizing about the good ol’ days of using your local coffee shop’s public WiFi at some point in the next year, this may be something to consider.

Slack Urges Android Users to Update Password

Some Slack users were hit with an important email this week: change your password.

The problem: The email has all the hallmarks of a phishing attempt. It isn’t — don’t ignore it.

Slack says those using the mobile application on Android devices had their passwords stored in plain text from Dec. 21 and Jan. 21. That would have allowed other applications on the device to view the credentials. 

The company did note that it did not see any unauthorized access, and that any affected users were already notified before having their passwords revoked. 

To be clear, this only affected users who logged in to Slack with their credentials during that 31-day span. Better yet, those who were already logged in and/or using a single sign-on have nothing to worry about. 

While we’re talking about Slack security, let us remind you about 2-factor authentication. Slack doesn’t have that set up by default, so be sure to get that done using this link.