CD Projekts stolen source code, internal dev videos reportedly being shared online

CD Projekt Red confirmed that it had been hit by a “targeted cyber attack earlier this year. They stated that its internal systems were compromised and sensitive information was held to ransom. After CD Projekt Red did not give in to the group’s demands, the hackers announced that the source code for games such as Cyberpunk 2077 and an unreleased version of The Witcher 3 would be traded to the highest bidder. They also leaked the source code for Gwent.

The stolen data now appears to have resurfaced. As reported by security blog DataBreaches.net, a threat actor group decided to release the stolen data in order to advertise its new leaks platform. A note claiming the release of the stolen information is part of a “charity fundraising” effort from the hackers was also discovered by security software provider Emsisoft. 

Source code folders for The Witcher 3, Thronebreaker, Cyberpunk 2077 and The Witcher 3’s re-release with ray tracing have been released in encrypted folders, with the group asking for a “donation” of $10k to unlock each folder. The note also allegedly stated that sensitive information such as CDPR data, company reports and NDA forms will not be leaked to the public, but will only be shown to the media. The data dump apparently also included unencrypted software development kits (SDKs) for the PS4,  PS5, Nintendo Switch and Xbox X  to prove the leak’s validity. 

It is important to note that the passwords have now been given out or cracked for some of the folders, as some internal videos of Cyberpunk 2077 are being shared in private channels.

While the more serious elements of this leak such as the source code, SDKs and unreleased assets do not yet appear to be in common circulation, it’s likely only a matter of time before more of the stolen information pops up onto social media or forums. It’s also not clear why the stolen data is being released following the auction. The note did mention that the leak is in accordance with the buyer in exchange for a discount, so it’s feasible some form of timed-exclusive access was agreed with the buyer. The ransomware attack has already proved to be a nightmare for CD Projekt Red, with sensitive data compromised and developers at one point were left locked out of their workstations. 

Share:

More Posts

Market Research

Pulse Surveys

Turn feedback into action

Our survey platform makes it easy to measure and understand feedback so you can drive growth and innovation

Pulse Handshak

Pulse Handshak

Collaborative online survey tool for the market research industry. Remote assisted surveying just like face-to-face interviews. Here interviewers can talk to the respondent over the web-console without the need for any other communication channel and share the same Q're with responses and click actions.

Pulse FE

Pulse FE

Pulse Field Expert or Pulse FE is the main platform for both offline and online survey at softofficepro.com. It is robust and used by hundreds of clients over tens of years with millions of responses. Do it once Q're and deploy on both offline devices (android) and online forms makes it a great cost effective platform for any kind of responses

Pulse Ultimate

Pulse Ultimate

Pulse Ultimate is targeted for tracking studies and retail audits. An offline survey system offering extreme field control including processes like data quality check, back-check, rework, comparison with previous wave data etc. helps to get the best results on a day-to-day basis

Pulse LS

Pulse LS

Use a managed Limesurvey and our expertise for creating complex forms and token based user management. Use optional mailing system to send survey invitation to each participant and track progress of the response status. Industry standard SPSS / R output supported