It's bad they got hacked but +1 to CDPR for actually having functional offline backups and not paying a ransom. If everyone did this, this dumb Bitcoin ransomware problem would be solved already.
While everyone should obviously have good backup routines*, following basic security practices would also effectively block practically all such attacks:
- Keeping systems up to date (especially servers, firewalls etc.)
- Not running Windows for servers
- Restricting access to resources on a per user basis (not common universal passwords for everyone), this also allows revoking access easily when someone leaves.
- Have segmented networks, firewalls or VPNs controlling how and which computers can access each other.
And most importantly, you do security in layers. Sooner or later, one layer may be compromised, so detection and damage control are essential. Far too many companies operate in a way where just a virus or a bad actor on any computer can steal or damage everything. Many companies with thousands of employees have been hurt by a single compromised computer; if basic security practices were followed, this wouldn't be possible.
But often, the damage from accidents or incompetence can probably be even worse. I know of a concrete case where a sysadmin at one company typed rm in the wrong folder on their main source repository server! Oops, hundreds of projects gone. Luckily they had daily backups, but still, there was a lot of work lost for thousands of engineers.
*) Some things may be hard to have up-to-date backups of, or loss of even a few hours of work can sometimes be very costly.
Maybe the hackers can fix CP2077.
Just give them 10.000 man hours, and then maybe…
The flaws of this game are too severe to be fixed by a few tweaks.
Is stolen code really something that actually matters? I mean, do people compile their own games? I kind of doubt that. And if it allows hackers to crack things ... so what? They always find a way. Just patch it. Given that the game is sold DRM-free on GOG it's not like piracy is much of a concern for CDPR. So ... what, exactly, do they stand to lose from people having access to a bunch of source code?
I think this fear is mostly old thinking that source code is incredibly valuable and thinking that competitors would "steal" it and use it for competing products.
But source code isn't something that is so easily adapted to other projects. Even if your project has a super smart algorithm that I want, chances are that it will be harder for me to integrate yours than to write my own. And I would argue, the bigger the source, the harder it is to adapt it to your own purpose. In software engineering there is a lot of specific knowledge known only to those who have written the source. If someone gets their hands on a completed game engine, it would take them years to get familiar with the code base and redesign it to fit their own needs. By that time, does it really matter that much?
(Leaking an unfinished product is different though)
Major source code leaks have happened for years, both for games, Windows itself and even hardware designs (from Nintendo). I haven't seen the immediate emergence of cloned/derived software from any of these.
I hope we can get to a point where it's more common that game source code is available (but not necessarily free). It can still be protected by copyright, so if another company uses it without permission they can still sue. And if some random guy uses it, who cares, really? Companies have a lot to gain from embracing their enthusiast bases; they can provide a lot of cool additions or improvements to a product, for free.