The story around CD Projekt Red apparently came to a preliminary conclusion. According to recent reports, The Witcher 3 and Cyberpunk 2077 stolen source code in a hack was successfully sold. The condition was apparently that the data would not be disseminated further.
During the week, CD Projekt Red announced that the company’s servers had been hacked, exposing sensitive data to unknown attackers. GOG’s customer data is apparently not affected. However, the hackers were able to steal the source code of current productions.
The data includes the source codes of CD Projekt Red’s game development engine RedEngine and titles like The Witcher 3: Wild Hunt and Thronebreaker: The Witcher Tales, an upcoming ray-traced version of The Witcher 3, and the recent one published Cyberpunk 2077. There were also documents from the areas of accounting, administration, law, and investor relations.
The hackers demanded a kind of ransom from CD Projekt, otherwise, the data would be sold. It seems that this threat has now been implemented.
According to VGC, the data should be auctioned on the dark web with a starting price of $1 million and a buy-now price of $7 million. The seller stopped the auction because an outside offer was made. Included was the condition not to further disseminate or sell the data, according to VGC in relation to information from the cyber intelligence company Kela.
The ransomware attack on CD Projekt Red was allegedly carried out by a group called HelloKitty. And even before the auction, the source code of CD Projekt Red’s card game Gwent was published – presumably to increase the pressure.
It is unclear who is now in possession of the source code mentioned above. However, it was suspected that CD Projekt Red made a bid itself in order to minimize the damage. However, in the course of the notification of the hack, the company emphasized that, despite the fulfillment of the requirements, it was by no means guaranteed that the source codes would come into circulation.
Instead, the company contacted the relevant authorities, including law enforcement and IT forensic experts. “We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach,” it said.
The cyber attack comes at a very inopportune time for CD Projekt. The eagerly awaited Cyberpunk 2077 had to take a lot of criticism last year and was even removed from the PlayStation Store due to its shortcomings. The company’s share price almost halved. And there are justified fears that the reputation built up with The Witcher 3 could be damaged over the years.