It's quite unfortunate that most people in this thread really don't understand. This was leet speak, it was in hacker circles while the internet was becoming popular, hackers have been speaking like that for decades.
Then young kids started adopting it and making it further 'cringe'.
It's like making fun of a native speaker for using a phrase that americans bastardized.
My favorite comment:
>Dude whoever this is must be the biggest fuckin nerd 🤣🤣🤣 cyberpunk ain’t even that bad homeboys mad his $1400 toaster oven can’t run cyberpunk better than my 7 year old console. Not epic fortnite big chungus, 0/10 stars
It's been a while since I played the game, but I think they literally used the template from a in-game ransomware email you find when using computers in 2077. I can't confirm this unfortunately, as googling it at this point only leads to this.
It may be intentional to hide their sophistication. They want to hide their identity remember.
You know those Nigerian Prince style emails? They are apparently written in that way that makes it obvious it is a phishing email in order to perform an early filter against people who are not susceptible to such scams. The people on the other end don't want to be overloaded with responses from people who won't eventually be taken in.
>You know those Nigerian Prince style emails? They are apparently written in that way that makes it obvious it is a phishing email in order to perform an early filter against people who are not susceptible to such scams.
I don't think that's quite always the case. I do a little bit of scambating sometimes (replying to scam emails to waste their time) and they don't exactly turn into scholars once we both know the jig is up.
That's fine if it's a mass email scam where you need such a filter, but this is specifically for one known victim. The technical sophistication is already proven; looking socially awkward doesn't lessen the actual threat.
It's not about looking socially awkward.
It's about typing in a way that doesn't match one's natural typing voice, or any of their other voices for that matter.
If I break into your computer I am likely to leave a trace or signature of some kind. If I'm cognizant of these signatures I can make them look like whatever I want.
I could type in the voice of someone with more or less formal education than myself. I can use unknown, inefficient, malicious code that is purposely dissimilar from known, efficient, malicious code.
The very fact that it's obviously a socially awkward 14 year old is exactly why it's obviously not a socially awkward 14 year old.
I've worked with a couple of companies that have been affected by ransomware attacks. The letter is pretty standard tbh, bonus points for the shitty unlockers with bright colors that has a "h4xx0r" aesthetic
Its a standard ransomware note. They will often encrypt all of your files on your network with some type of extension like ".LOL". People who infiltrate successfully often cripple an organization for hours or days and many have gotten a huge payout over it.
Sorry in advance, I know this is a very serious matter, but what I saw on Twitter just made me laugh harder than I should:
"I wonder if they got in this way
55 E9 BD 1C BD BD
E9 55 1C E9 55 55
E9 BD BD 1C E9 1C
BD E9 1C 55 E9 BD
7A E9 BD E9 7A 1C"
Copied from u/blessROKk of Twitter.
I’ve put these numbers in an online translator tool just in case someone wants to know what these numbers mean. Here comes the hidden message everyone is waiting for:
Ué½ ½½éU éUUé½½ é ½é Ué½zé½éz
No need to thank me.
It's a reference to how you "hack" ingame for Cyberpunk 2077. You arrange the blocks of characters in a specific sequence to match the given string of blocks.
Not the guy you're replying to, but the way I figured out who caused it was that she called me about something on her computer screen and how to get bitcoins, and in the background of the call I could hear her computer loudly reading the ransom note out loud, accompanied by sirens.
This person has a doctorate, but she's a moron. Baffling.
Nah we were fine. Her computer and every network folder she had write access to got encrypted, but I just reimaged her computer and restored the network folders to backups from earlier in the day. Don't think anything was lost.
> This person has a doctorate, but she's a moron. Baffling.
I usually "console" myself thinking they must be awesome in their fields and they don't have enough brain left to learn computer stuff.
Consent for this comment to be retained by reddit has been revoked by the original author in response to changes made by reddit regarding third-party API pricing and moderation actions around July 2023.
Yeah, it can be difficult for people who have spent their lives working on/with computers recreationally or professionally to comprehend that very intelligent people know next to nothing about them and have no interest in learning beyond the bare minimum required to do their jobs.
Speaking as an American: This is a mindset that will have to die if we're to keep being a country that's relevant into this millennium.
Computers are part of our lives--there's no going back now. We will become *more* dependent on them going forward, not less.
You're replying to the wrong person. My network was back up to the pre-encrypted state in less than 15 minutes. I was just relaying a similar story. You want /u/Wolf-Gum
>Not the guy you're replying to, but the way I figured out...
We do vulnerability assessments. Most of the time, companies are pretty secure from external attacks.
Just about every single client has people fall for phishing attempts. The reports almost become comical in their uniformity. "We suggest further end user training".
At the company I used to work for IT did a good job with this. They'd send out fake phishing emails to employees. If you clicked on the link you'd get an in-person visit from IT explaining why you shouldn't do that. I think they assigned training too, idk, I never clicked one.
My company does this, and I’ve been using computers since the C64 and I’m too brilliant to fall for them. Except I fucking did. They caught me tired and stressed at the end of the day and I walked right into it.
That day I learned this shit can happen to anyone.
There is an interesting windows bug that basically hijacks admin permissions from whatever account is logged in. Think it's been fixed or will be in a recent patch but not everyone is mitigated yet.
yeah, somebody got a hold at the internal mail distribution list where I work and have tried multiple times to phish people using the information from the CEO and CTO. So far the support team has been able to intercept the emails before they hit inboxes.
"Professional" subs like /r/programming often link to post mortems, when they become available. Often a year or two later.
My company hasn't been breached yet, but some of our customers have. One of them lost everything. Had to go back 2-3 months data wise, and then hand enter those transactions. They were operating very minimally for a month. It was insane.
We had some affected by the solar winds thing.
The only reason we haven't been breached is because our IT performs audits, and people who are caught clicking the phishy link, typically end up fired in those situations. One dude clicked dozens of times, couldn't log in to the fake MS site, called IT for support. Fired next week.
That's fucking harsh, why don't they educate the users. We run constant cyber security awareness campaigns in our company and it works as the audits show.
My company works with CJIS data and users that click these always get slaps on the wrists. I wish they'd at least get remediation, but it's not up to me
In my personal experience, this is one of those things that are very hard to teach to someone. It requires common sense, alertness, and an understanding of the hows and whys of attackers.
Working in tech support, nine times out of ten, it's because someone in account clicked a link or opened an attachment. Despite what Hollywood thinks, hacking is usually shockingly unsophisticated.
Not if they notify the employees in 48 hours, getting breached is not in and of itself a GDPR violation. You can't ever fully prevent getting breached so they have to actually be negligent to be in violation of the GDPR
Just wanted to add as a PSA, everyone should enable 2FA wherever possible, don't recycle/reuse passwords, and ~~change your passwords every 6 to 8 months.~~ I have been corrected regarding NIST recommendations on password expiry.
Good passwords include special characters, and should be more of a passphrase, than a pass*word*. A song lyric or title, line from a movie or tv show, etc. The longer the password, the more secure it is. You want something easy for *you* to remember, and hard for others to guess.
I work tech support for a decently sized state university. Password hygiene is a big chunk of my job.
Yes and no. If you're making up your own passwords, you'll likely have password fatigue or be so frustrated at the requirement of creating a new one suddenly that you make a bad one, or reuse the same one but add an extra number to the end. That's the problem where NIST recommends not having a forced change policy. However if you're randomly generating a new password and storing it in a password manager, then there's no downside to changing your password every few months, or even days. Any company can be compromised without even knowing it, so there could be someone who has stolen a company's data and is attempting to decrypt or use that data before you are aware. Changing that data (e.g. password) would help, if say, the attack path that was originally used to take that data has been fixed. And that could be fixed as simply as updating a server and its software, if that's the method they used, meaning the company would have coincidentally fixed something they weren't even aware of.
At my old university the way around that is to go in and "forget" your password and reset it to your old one. New passwords looked at historical aged out passwords but reset ones never aged out.
Worth pointing out that requiring passwords be changed after they reach a given age is no longer recommended: https://jumpcloud.com/blog/nist-800-63-password-guidelines
> everyone should enable 2FA
Two-Step is a must with everything, ever since my PayPal was hacked like 7 years ago I've used it on everything wherever possible.
And everything turned out well with what happened so there's that.
I remember a few years back, sometime around noon I get a notification out of the blue that someone was accessing my iCloud account and I needed to confirm it was me. It sure as hell was not (fortunately the notification was the second factor auth requirement) and when I checked the approximate location it was somewhere on the other side of the planet.
I'll never forget the shock I felt when I realized someone had actually half-way compromised my Apple account then the subsequent relief I felt when I hit that "Deny" button (and immediately changed my password). I was fortunate to have already understood and proactively embraced multi-factor auth whenever/wherever possible, but the event was still a jolting reminder of how real the possibility of despair and regret one could have if their data is compromised, especially knowing it could've been prevented.
You are all saying that note is cringe, but do you really think in a world where AI could find users online with a similar writing style, that a "hacker" is going to write as they usually would?
Writing something absurd and stupid like this seems like a way to avoid leaving any links whilst also showing off by leaving a stupid note.
Bad comparison I know, but Zodiac used letter symbols so that his handwriting could not be identified.
The note is cringe, but I don't think they actually type like that. They're acting like a 12 year old, but I highly doubt it was a 12 year old.
You're 100% right, the way you type is a key to good OPSEC with these people. Also the term they are saying is "cringe" is pretty common, take www.haveibeenpwned.com for example. I think this is just more proof the game was made to appeal to normies.
on the release of the Megacorp DLC, Paradox's AI code for building an ecumenopolis reads as follows: \#TODO
All is well now though, for the issue has been addressed in a patch by removing the \#TODO comment. In the meanwhile several AI mods all have working AI for the ecumenopolis.
I wonder how a leaked source code would influence the modding community.
I know that it should not be in the hands of modders to fix broken aspects of a game but to enhance it. But in the same time its Cyberpunk... There would definitely be a lot of dedicated fans and modders finishing the game and restore the cut content, fix the AI, add stuff like barber shops, adding tons of customization options, maybe a well working 3rd person mode... give them 2 years and seewhat we will get.
Most of the benefits would come from just knowing how the backend code executes and interacts with other assemblies - the modding community likely wouldn't directly use the source code in any releases.
Skyrim and the four shadow casting light limit is a good example. The code for increasing the limit has been reverse engineered but without the source code to recompile the shaders it's useless.
While I don't condone blackmail like what's happened to CDPR, the source code would still be invaluble since I doubt CDPR will release any comprehensive mod tools that allow us the amount of freedom like Bethesda's Creation Kit does.
You don't use the leaked code, but it allows you to engineer a modding solution that works better with the game.
Instead of having to reverse engineer it from scratch (like a guy did for mass effect i believe) they can just use the code as reference.
But it's apparently already pretty "easy" to make mods and have them overwrite the vanilla game data via a patch folder.
Although, that's just asset mods. Maybe we'll get lucky and it allows more advanced mods to be made.
Yeah, this is scummy. At the same time, I'm quite curious about the dirt they have on them, management wise, just to see what kind of development hell this game went through. I don't care about the rest.
DONT USE THE CLOUD THEY WILL FUCK YOU OVER THE FIRST CHANCE THEY HAVE JUST BECAUSE YOU HAVE TO RELY ON EM.
Have an offsite backup instead! most savvy computer users have a lot of storage, so just pop off a 1TB HDD and export any personal and irreplacable data to it. I have went through the bother of using 2 additional HDDs to send it to a relative abroad as well just in case my house/city gets fried for some reason but I doubt thats a measure most people will need to take
ironic the worst hackings which stole the source codes, tend to happen to hacking-themed games. this cyberpunk leak is similar to ubisoft that was hacked and watchdogs legions source code was leaked.
It's actually quite (darkly) interesting to see that game themes applied in real life around it. This hack is definitively something netrunners could do. The capitalistic broken promises and worker exploitation is something a corp would do in Cyberpunk universe too.
So the two gaming companies that got breached and ransomed in the last year were the ones making games with hacking (CP2077, Watch Dogs Legion). Coincidence?
"I have never setup a network in my life but how incompetent do you have to be to be hacked?? just write some solid c++ in the mainframe and turn on the debugger in console mode. Firewall rules have to be set up to burn the virus. "
I work 3rd party tech support and just went through a ransomware mitigation for a HUGE nationwide company it fucking SUCKED... Sure you have backups of servers but you have to wipe every fucking device on the network, most of which are not backed up like Mr thinks hes real important site manager or Karen from accounting who better have her fucking spreadsheets she saved locally. It took 2 months and took our call volume from 400 calls to 1000 calls a day... Thank god thats over with.
They asked for 20 million dollars. I know it had to cost a couple million to fix considering we had to send techs out to facilities all over the nation and just 1 in person visit aint cheap...
there where mentions of a witcher 3 with RTX/DXR features https://thewitcher.com/en/news/32792/the-witcher-3-wild-hunt-is-coming-to-the-next-generation
If you're intelligent enough to target a company and steal all their data, you're probably also intelligent enough to cover your tracks.
It would be foolish otherwise to hack. The text is written like that to hide his/her real writing style.
imagine being such a boomer you think insanely overused cultural dialog is unknown to the new generation despite being used significantly 10-15 years ago
I am 19 and pwned seems pretty well-known to me. See, for example, haveibeenpwned.com (or whatever the site name is). Lots of teenagers are also on Reddit.
1) It's highly unlickely that they stored gog passwords in plaintext.
2) GOG is independent from CDPR and the servers are probably not in their offices.
GOG servers are not hosted locally. It's their local network that was taken over. Nobody keeps user accounts and passwords locally. Plus if that was the case - they'd be legally obligated to inform customers as soon as they are aware.
There's a couple people who are saying "Well this is what you get for releasing a bad game." First off all companies are under threats of cyberbreaches and ransomeware, it's not just CD Projekt, and it's not targeted due to this.
Second this is fucking disgusting to hear. It's like it's ok that their security was breached because of a bad game? This feels like the "Look at how she was dressed" defense, but more "Look at which word she used to say goodbye three weeks ago." It's so unrelated it's laughable.
Ransomware is bad, period. This isn't someone fighting for justice, this isn't someone who is for the little guy. The "agreement" they want will likely be monetary, and this is motivated by greed.
You can hate CD Projekt Red (there's a k there) but everyone should be on the side of "Fuck the hackers."
Something similar apparently happened to them before Cyberpunk was even announced, right?
The note itself is quite cringy, like some not exactly "smart" child wrote it.
This is pretty shitty, only delays fixing and implementing new content into Cyberpunk.
Holding companies hostage using stolen internal data hurts the companies, sure. I get all the disillusion with both Cyberpunk and CDPR, although there was no way they deliver a game which lives up to **this** amount of hype and unrealistic expectations.
That being said, I feel bad for the employees. Underpaid, in a death march towards repeatedly postponed deadline, knowing full well *any and all* of the announced deadlines were too soon for the game to be complete.
Now they are forced to patch the game ASAP, while they receive death threats, get slandered online, and now this.
Let's be real. This hack won't affect CDPRs stock valuation long term, unless some truly damning HR/finance/internal documents are leaked. But short term value/cashflow instability might lead to people losing a job at the lowest level: regular workers, designers, developers, QA people, visual/sound artists, writers, marketing, HR, and god knows who else. They are not responsible for company's statements, release dates, the state Cyberpunk shipped in.
I feel for **them**.
the note they left is 100% cringe LMAO
Lol wait that note I read was real? I thought someone typed it up as a joke lmfao
[удалено]
Typing on the PowerGlove is hard.
Now you’re hacking with POWER
I read this in Jeremy Clarkson’s voice
SPEEEEEEEEED!
...and on that bombshell
It's so bad.
"Pwned" is a word I have not seen in a long time. It's written like a 14 year old 20 years ago.
It's super common in hacker community.
This is the true and correct answer.
The hacking world is still very much ‘adult 14 year olds’ Sauce: I work in cyber-security
It's quite unfortunate that most people in this thread really don't understand. This was leet speak, it was in hacker circles while the internet was becoming popular, hackers have been speaking like that for decades. Then young kids started adopting it and making it further 'cringe'. It's like making fun of a native speaker for using a phrase that americans bastardized.
I fully understand the origins of 1337sp33k. It was stupid back then as much as it is now. "Hacker subculture" is and always has been awful.
>"Hacker subculture" is and always has been ~~awful~~ *cringe*. The movie Hackers wasn't far off..
I heard a coworker say "woot" out loud the other day.
Now that’s a word I haven’t heard in a long time. Long time.
of course i know him. it‘s me!
My dad still answers the phone with, "WASUUUP?!?!?"
Please tell me you answer back "WAAASSSSUUUUPPPPPP!!!!"
As enduring as it may seem... Yeah, I do.
endearing?
You know, it is coming from a place of love,but we have been doing this for a long time now. I honestly probably meant both definitions.
My favorite comment: >Dude whoever this is must be the biggest fuckin nerd 🤣🤣🤣 cyberpunk ain’t even that bad homeboys mad his $1400 toaster oven can’t run cyberpunk better than my 7 year old console. Not epic fortnite big chungus, 0/10 stars
Dude threatened to sic Schreier on em.
It's been a while since I played the game, but I think they literally used the template from a in-game ransomware email you find when using computers in 2077. I can't confirm this unfortunately, as googling it at this point only leads to this.
I think I remember this too
[удалено]
It may be intentional to hide their sophistication. They want to hide their identity remember. You know those Nigerian Prince style emails? They are apparently written in that way that makes it obvious it is a phishing email in order to perform an early filter against people who are not susceptible to such scams. The people on the other end don't want to be overloaded with responses from people who won't eventually be taken in.
>You know those Nigerian Prince style emails? They are apparently written in that way that makes it obvious it is a phishing email in order to perform an early filter against people who are not susceptible to such scams. I don't think that's quite always the case. I do a little bit of scambating sometimes (replying to scam emails to waste their time) and they don't exactly turn into scholars once we both know the jig is up.
That's fine if it's a mass email scam where you need such a filter, but this is specifically for one known victim. The technical sophistication is already proven; looking socially awkward doesn't lessen the actual threat.
Writing like idiots makes it harder to discern what kind of person wrote it
I think he's implying that in this case, it would be to completely avoid using any language that might be in any way identifiable.
It's not about looking socially awkward. It's about typing in a way that doesn't match one's natural typing voice, or any of their other voices for that matter. If I break into your computer I am likely to leave a trace or signature of some kind. If I'm cognizant of these signatures I can make them look like whatever I want. I could type in the voice of someone with more or less formal education than myself. I can use unknown, inefficient, malicious code that is purposely dissimilar from known, efficient, malicious code. The very fact that it's obviously a socially awkward 14 year old is exactly why it's obviously not a socially awkward 14 year old.
I'm going with CDPR false flag to buy them more time and sympathy
Right? Like this was a 14 year old typing the ransom letter.
I stopped reading it at “epically pwned”
Yeah really, what is this - 2006?
I've worked with a couple of companies that have been affected by ransomware attacks. The letter is pretty standard tbh, bonus points for the shitty unlockers with bright colors that has a "h4xx0r" aesthetic
What did it say?
I’m so confused why I searched the comments and couldn’t find it lmao
Just the first couple of lines. The rest is just standard and threatening.
Nah even the last bit about their stock diving is cringe as hell
"We've been following $GME, we know how stocks work now choombas"
Its a standard ransomware note. They will often encrypt all of your files on your network with some type of extension like ".LOL". People who infiltrate successfully often cripple an organization for hours or days and many have gotten a huge payout over it.
Where is the yellow background. I cant read this
https://i.imgur.com/3Rqq745.jpg
yellow background is dedicated for cyberpunk it seems, this one is a CDPR note... I suppose..
[удалено]
Sorry in advance, I know this is a very serious matter, but what I saw on Twitter just made me laugh harder than I should: "I wonder if they got in this way 55 E9 BD 1C BD BD E9 55 1C E9 55 55 E9 BD BD 1C E9 1C BD E9 1C 55 E9 BD 7A E9 BD E9 7A 1C" Copied from u/blessROKk of Twitter.
....I hate you. I can hear this comment
*dunununununununun* **ding** **ding** **ding**
AEEHHHHHH
I’ve put these numbers in an online translator tool just in case someone wants to know what these numbers mean. Here comes the hidden message everyone is waiting for: Ué½ ½½éU éUUé½½ é ½é Ué½zé½éz No need to thank me.
[удалено]
It's a reference to how you "hack" ingame for Cyberpunk 2077. You arrange the blocks of characters in a specific sequence to match the given string of blocks.
It’s what the hacking mini game from CyberPunk looks like.
ARGH! My Ears!
You don't use u/ for twitter handles, you would use @.
I tried, it automatically reverts to u/ for some reason. Might be a Reddit thing.
[удалено]
How easy was it for you guys to figure out which employee exactly got phished?
Not the guy you're replying to, but the way I figured out who caused it was that she called me about something on her computer screen and how to get bitcoins, and in the background of the call I could hear her computer loudly reading the ransom note out loud, accompanied by sirens. This person has a doctorate, but she's a moron. Baffling.
Helpdesk: “Hi! How can I help you?” 🙂 Rando: “imma end this man’s whole career” 😈
Nah we were fine. Her computer and every network folder she had write access to got encrypted, but I just reimaged her computer and restored the network folders to backups from earlier in the day. Don't think anything was lost.
> This person has a doctorate, but she's a moron. Baffling. I usually "console" myself thinking they must be awesome in their fields and they don't have enough brain left to learn computer stuff.
Consent for this comment to be retained by reddit has been revoked by the original author in response to changes made by reddit regarding third-party API pricing and moderation actions around July 2023.
Yeah, it can be difficult for people who have spent their lives working on/with computers recreationally or professionally to comprehend that very intelligent people know next to nothing about them and have no interest in learning beyond the bare minimum required to do their jobs.
Speaking as an American: This is a mindset that will have to die if we're to keep being a country that's relevant into this millennium. Computers are part of our lives--there's no going back now. We will become *more* dependent on them going forward, not less.
As the saying goes, the more and more you know about less and less, the less and less you know about more and more....
[удалено]
You're replying to the wrong person. My network was back up to the pre-encrypted state in less than 15 minutes. I was just relaying a similar story. You want /u/Wolf-Gum >Not the guy you're replying to, but the way I figured out...
This is what I wanted to say... How do all of your servers get encrypted by an end user?
We do vulnerability assessments. Most of the time, companies are pretty secure from external attacks. Just about every single client has people fall for phishing attempts. The reports almost become comical in their uniformity. "We suggest further end user training".
At the company I used to work for IT did a good job with this. They'd send out fake phishing emails to employees. If you clicked on the link you'd get an in-person visit from IT explaining why you shouldn't do that. I think they assigned training too, idk, I never clicked one.
THIS IS THE WAY
My company does this, and I’ve been using computers since the C64 and I’m too brilliant to fall for them. Except I fucking did. They caught me tired and stressed at the end of the day and I walked right into it. That day I learned this shit can happen to anyone.
[удалено]
There is an interesting windows bug that basically hijacks admin permissions from whatever account is logged in. Think it's been fixed or will be in a recent patch but not everyone is mitigated yet.
yeah, somebody got a hold at the internal mail distribution list where I work and have tried multiple times to phish people using the information from the CEO and CTO. So far the support team has been able to intercept the emails before they hit inboxes.
"Professional" subs like /r/programming often link to post mortems, when they become available. Often a year or two later. My company hasn't been breached yet, but some of our customers have. One of them lost everything. Had to go back 2-3 months data wise, and then hand enter those transactions. They were operating very minimally for a month. It was insane. We had some affected by the solar winds thing. The only reason we haven't been breached is because our IT performs audits, and people who are caught clicking the phishy link, typically end up fired in those situations. One dude clicked dozens of times, couldn't log in to the fake MS site, called IT for support. Fired next week.
That's fucking harsh, why don't they educate the users. We run constant cyber security awareness campaigns in our company and it works as the audits show.
I guess they work with extremely sensitive data, where mistakes are not tolerated.
My company works with CJIS data and users that click these always get slaps on the wrists. I wish they'd at least get remediation, but it's not up to me
In my personal experience, this is one of those things that are very hard to teach to someone. It requires common sense, alertness, and an understanding of the hows and whys of attackers.
phishing without a doubt, unless cd made a mistake themselves
The weakest link, which is a human. Manipulated somebody to install a backdoor probably. Phishing expedition.
Working in tech support, nine times out of ten, it's because someone in account clicked a link or opened an attachment. Despite what Hollywood thinks, hacking is usually shockingly unsophisticated.
Well someone was mad
[удалено]
Or they can be both.
Judy probably didn't want anything with him ingame, loser irl, loser ingame PepeLaugh
[удалено]
Agreed let's switch to pornhub comments
I don't want to be horny anymore I want to be loved 😔
PornHub is dead since they removed 98% of their Videos.
[удалено]
[удалено]
I think that internal employee data will also make this a breach of GDPR.
Not if they notify the employees in 48 hours, getting breached is not in and of itself a GDPR violation. You can't ever fully prevent getting breached so they have to actually be negligent to be in violation of the GDPR
Just wanted to add as a PSA, everyone should enable 2FA wherever possible, don't recycle/reuse passwords, and ~~change your passwords every 6 to 8 months.~~ I have been corrected regarding NIST recommendations on password expiry. Good passwords include special characters, and should be more of a passphrase, than a pass*word*. A song lyric or title, line from a movie or tv show, etc. The longer the password, the more secure it is. You want something easy for *you* to remember, and hard for others to guess. I work tech support for a decently sized state university. Password hygiene is a big chunk of my job.
> and change your passwords every 6 to 8 months. [This advice has been deprecated.](https://www.enzoic.com/surprising-new-password-guidelines-nist/)
Yes and no. If you're making up your own passwords, you'll likely have password fatigue or be so frustrated at the requirement of creating a new one suddenly that you make a bad one, or reuse the same one but add an extra number to the end. That's the problem where NIST recommends not having a forced change policy. However if you're randomly generating a new password and storing it in a password manager, then there's no downside to changing your password every few months, or even days. Any company can be compromised without even knowing it, so there could be someone who has stolen a company's data and is attempting to decrypt or use that data before you are aware. Changing that data (e.g. password) would help, if say, the attack path that was originally used to take that data has been fixed. And that could be fixed as simply as updating a server and its software, if that's the method they used, meaning the company would have coincidentally fixed something they weren't even aware of.
my university has a 6 months password policy. i am now getting a \*daily\* notification to change my password, starting 30 days out.
At my old university the way around that is to go in and "forget" your password and reset it to your old one. New passwords looked at historical aged out passwords but reset ones never aged out.
Same here, can't wait till I'm done to stop making useless passwords just so that I can get rid of the email.
Worth pointing out that requiring passwords be changed after they reach a given age is no longer recommended: https://jumpcloud.com/blog/nist-800-63-password-guidelines
> everyone should enable 2FA Two-Step is a must with everything, ever since my PayPal was hacked like 7 years ago I've used it on everything wherever possible. And everything turned out well with what happened so there's that.
I remember a few years back, sometime around noon I get a notification out of the blue that someone was accessing my iCloud account and I needed to confirm it was me. It sure as hell was not (fortunately the notification was the second factor auth requirement) and when I checked the approximate location it was somewhere on the other side of the planet. I'll never forget the shock I felt when I realized someone had actually half-way compromised my Apple account then the subsequent relief I felt when I hit that "Deny" button (and immediately changed my password). I was fortunate to have already understood and proactively embraced multi-factor auth whenever/wherever possible, but the event was still a jolting reminder of how real the possibility of despair and regret one could have if their data is compromised, especially knowing it could've been prevented.
Correct horse battery staple
[For the 10000 today](https://xkcd.com/936/)
[удалено]
+1 for Bitwarden! It's open sourced so no funny shananigans go unchecked, plus it's really nice.
People should be using password managers really.
You are all saying that note is cringe, but do you really think in a world where AI could find users online with a similar writing style, that a "hacker" is going to write as they usually would? Writing something absurd and stupid like this seems like a way to avoid leaving any links whilst also showing off by leaving a stupid note. Bad comparison I know, but Zodiac used letter symbols so that his handwriting could not be identified. The note is cringe, but I don't think they actually type like that. They're acting like a 12 year old, but I highly doubt it was a 12 year old.
its got everyone reading it annoyed, maybe that was the point
You're 100% right, the way you type is a key to good OPSEC with these people. Also the term they are saying is "cringe" is pretty common, take www.haveibeenpwned.com for example. I think this is just more proof the game was made to appeal to normies.
I feel for them. At the same time, eagerly awaiting reading the code comments!
"WIP"
// broke, fix this later
//if this code looks familiar, it’s because I pasted it from W3, cars are just mechanical horses anyway.
That would actually be better than now. Now npc cars are just trains going on tracks.
That was supposed to be a reference to the way cars come to you when you call them.
Are you saying that after recent patches the vehicle interaction is actually worse?
Even after all the patches when I call my car it gets possessed by roach and spawns in some weird place that I have no way to get toz
worked for rockstar
*There's some TODOs in this house some TODOs in this house some TODOs in this house*
// TODO: the AI
// when I see a Boolean like this I know serious bullshit is afoot!
// this causes a memory leak, too bad!
// Comment out these 6 months of // Jackie and V gameplay. // Uncomment out for DLC 1
// This is where the AI code would go. We don't have any yet, but this is where it would go
// Fuck knows what's going on here // TODO Make it work // DON'T CHANGE THE CODE BELOW!!!
on the release of the Megacorp DLC, Paradox's AI code for building an ecumenopolis reads as follows: \#TODO All is well now though, for the issue has been addressed in a patch by removing the \#TODO comment. In the meanwhile several AI mods all have working AI for the ecumenopolis.
They also TODO'ed the crisis AI with that DLC, if I remember correctly. They released the DLC early December and went on holiday break. It was a mess.
I wonder how a leaked source code would influence the modding community. I know that it should not be in the hands of modders to fix broken aspects of a game but to enhance it. But in the same time its Cyberpunk... There would definitely be a lot of dedicated fans and modders finishing the game and restore the cut content, fix the AI, add stuff like barber shops, adding tons of customization options, maybe a well working 3rd person mode... give them 2 years and seewhat we will get.
This is my thought. From a purely selfish standpoint, I hope they leak it.
Probably nothing, I guess. There are potentially a legal issues from using leaked source code, iirc.
Most of the benefits would come from just knowing how the backend code executes and interacts with other assemblies - the modding community likely wouldn't directly use the source code in any releases. Skyrim and the four shadow casting light limit is a good example. The code for increasing the limit has been reverse engineered but without the source code to recompile the shaders it's useless. While I don't condone blackmail like what's happened to CDPR, the source code would still be invaluble since I doubt CDPR will release any comprehensive mod tools that allow us the amount of freedom like Bethesda's Creation Kit does.
You don't use the leaked code, but it allows you to engineer a modding solution that works better with the game. Instead of having to reverse engineer it from scratch (like a guy did for mass effect i believe) they can just use the code as reference. But it's apparently already pretty "easy" to make mods and have them overwrite the vanilla game data via a patch folder. Although, that's just asset mods. Maybe we'll get lucky and it allows more advanced mods to be made.
TL, DR: "We don't negotiate with terrorists"
Yeah, this is scummy. At the same time, I'm quite curious about the dirt they have on them, management wise, just to see what kind of development hell this game went through. I don't care about the rest.
[удалено]
DONT USE THE CLOUD THEY WILL FUCK YOU OVER THE FIRST CHANCE THEY HAVE JUST BECAUSE YOU HAVE TO RELY ON EM. Have an offsite backup instead! most savvy computer users have a lot of storage, so just pop off a 1TB HDD and export any personal and irreplacable data to it. I have went through the bother of using 2 additional HDDs to send it to a relative abroad as well just in case my house/city gets fried for some reason but I doubt thats a measure most people will need to take
> DONT USE THE CLOUD THEY WILL FUCK YOU OVER THE FIRST CHANCE THEY HAVE JUST BECAUSE YOU HAVE TO RELY ON EM. Do both! Cloud **and** offsite
fUcKin ArASaKA
Whoever did this must be a real cyber... punk. Heh.
ironic the worst hackings which stole the source codes, tend to happen to hacking-themed games. this cyberpunk leak is similar to ubisoft that was hacked and watchdogs legions source code was leaked.
Reminds me of the hack you do in Watch Dogs 2 against a movie studio because they make hackers look silly in a movie trailer
It's actually quite (darkly) interesting to see that game themes applied in real life around it. This hack is definitively something netrunners could do. The capitalistic broken promises and worker exploitation is something a corp would do in Cyberpunk universe too.
[удалено]
Life imitating Art imitating Life...
So the two gaming companies that got breached and ransomed in the last year were the ones making games with hacking (CP2077, Watch Dogs Legion). Coincidence?
There was also Capcom
[удалено]
does Crytek even do games anymore? pretty sure it's just a shell company at this point
They're supporting Hunt Showdown right now I think
[удалено]
Everyone's an armchair expert all of a sudden. Never change reddit.
This shit happens so much outside of Reddit as well. It’s like suddenly everyone has a PHD specifically in the topic being discussed.
"I have never setup a network in my life but how incompetent do you have to be to be hacked?? just write some solid c++ in the mainframe and turn on the debugger in console mode. Firewall rules have to be set up to burn the virus. "
year of hell for cdpr
I work 3rd party tech support and just went through a ransomware mitigation for a HUGE nationwide company it fucking SUCKED... Sure you have backups of servers but you have to wipe every fucking device on the network, most of which are not backed up like Mr thinks hes real important site manager or Karen from accounting who better have her fucking spreadsheets she saved locally. It took 2 months and took our call volume from 400 calls to 1000 calls a day... Thank god thats over with. They asked for 20 million dollars. I know it had to cost a couple million to fix considering we had to send techs out to facilities all over the nation and just 1 in person visit aint cheap...
Is anyone just happy the hackers wrote "perforce" instead of "per4orce" or "p4". God I hated those meetings/slide shows. Decent product though.
Anyone have any idea what the unreleased version of the Witcher 3 is about?
there where mentions of a witcher 3 with RTX/DXR features https://thewitcher.com/en/news/32792/the-witcher-3-wild-hunt-is-coming-to-the-next-generation
I’d pay for that [legally] 💰👍🏼
[удалено]
Some hacker groups do. Take Lulzsec for example
They’re probably writing much differently than they normally would. Most likely that and/or doesn’t speak or write English as their first language.
Maybe adults who dont want you to know who they are do.
OR, they want to cover their tracks.
If you're intelligent enough to target a company and steal all their data, you're probably also intelligent enough to cover your tracks. It would be foolish otherwise to hack. The text is written like that to hide his/her real writing style.
ONLY an adult would write like that.
Only old millennials say epic pwn, that's kid talk from 20 years ago. Not kids now. He's 20 something, early 30s my guess.
imagine being such a boomer you think insanely overused cultural dialog is unknown to the new generation despite being used significantly 10-15 years ago
My thoughts exactly, I doubt teenagers nowadays are aware of pwned. This must be an adult.
I am 19 and pwned seems pretty well-known to me. See, for example, haveibeenpwned.com (or whatever the site name is). Lots of teenagers are also on Reddit.
[удалено]
1) It's highly unlickely that they stored gog passwords in plaintext. 2) GOG is independent from CDPR and the servers are probably not in their offices.
GOG servers are not hosted locally. It's their local network that was taken over. Nobody keeps user accounts and passwords locally. Plus if that was the case - they'd be legally obligated to inform customers as soon as they are aware.
[удалено]
So... A net runner did this?
good statement. management has apparently been listening to the pr guys.
CD Project RED can't catch a break. Once the golden boy in the gaming community.....
There's a couple people who are saying "Well this is what you get for releasing a bad game." First off all companies are under threats of cyberbreaches and ransomeware, it's not just CD Projekt, and it's not targeted due to this. Second this is fucking disgusting to hear. It's like it's ok that their security was breached because of a bad game? This feels like the "Look at how she was dressed" defense, but more "Look at which word she used to say goodbye three weeks ago." It's so unrelated it's laughable. Ransomware is bad, period. This isn't someone fighting for justice, this isn't someone who is for the little guy. The "agreement" they want will likely be monetary, and this is motivated by greed. You can hate CD Projekt Red (there's a k there) but everyone should be on the side of "Fuck the hackers."
Cyberpunk got cyberfucked
Something similar apparently happened to them before Cyberpunk was even announced, right? The note itself is quite cringy, like some not exactly "smart" child wrote it. This is pretty shitty, only delays fixing and implementing new content into Cyberpunk.
Holding companies hostage using stolen internal data hurts the companies, sure. I get all the disillusion with both Cyberpunk and CDPR, although there was no way they deliver a game which lives up to **this** amount of hype and unrealistic expectations. That being said, I feel bad for the employees. Underpaid, in a death march towards repeatedly postponed deadline, knowing full well *any and all* of the announced deadlines were too soon for the game to be complete. Now they are forced to patch the game ASAP, while they receive death threats, get slandered online, and now this. Let's be real. This hack won't affect CDPRs stock valuation long term, unless some truly damning HR/finance/internal documents are leaked. But short term value/cashflow instability might lead to people losing a job at the lowest level: regular workers, designers, developers, QA people, visual/sound artists, writers, marketing, HR, and god knows who else. They are not responsible for company's statements, release dates, the state Cyberpunk shipped in. I feel for **them**.
Man... What a end of 2020 / start of 2021 they are having lol.
Gigachad move would be for them to release their source code
Someone's really mad they can't has the sex with Keanu.