Stolen Cyberpunk and Witcher data reportedly sold after ‘$7 million auction’ | VGC
Stolen Cyberpunk and Witcher data reportedly sold after ‘$7 million auction’ | VGC
Data allegedly includes source code files for the RedEngine and multiple games
1 day ago
Data stolen from Polish studio CD Projekt Red in a cyber attack has reportedly been sold.
The data included the source code files for CD Projekt Red’s game development engine, RedEngine, and titles including The Witcher 3: Wild Hunt, an upcoming
ray-traced version of The Witcher 3, Thronebreaker: The Witcher Tales and the recently released Cyberpunk 2077, according to
vx-underground.
The data was originally
put up for auction on the dark web with a starting price of $1 million and a buy now price of $7 million, but the seller pulled the lot, with the condition of no further distribution or selling, after receiving an outside offer which was deemed to be satisfactory, cyber intelligence firm
Kela reported.
The ransomware attack on CD Projekt Red was allegedly carried out by a group called HelloKitty, which is said to have posted the source code of CD Projekt Red’s Gwent card game online prior to the auction.
Stolen data included source code for the upcoming
ray-traced version of Witcher 3
CD Projekt Red first revealed on Monday that it had
fallen victim to a targeted cyber attack. In a statement, the developer said some of its internal systems had been compromised and “certain data” stolen.
In an apparent ransom note published alongside the statement, the culprits claimed they had stolen source code for the aforementioned games as well as documents relating to the company’s accounting, legal, HR and more.
If CD Projekt Red did not “come to an agreement” with them within 48 hours, the culprits said they would sell or leak the content.
CD Projekt Red said it would not give in to the demands and that it had approached relevant authorities including law enforcement and IT forensic specialists.
“We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach,” it said.
“We are still investigating the incident, however at this time we can confirm that – best to our knowledge – the compromised systems did not contain any personal data of our players or users of our services.”
On Tuesday, the company also released a
statement addressed to its former employees, in which it claimed that, “as of this moment, we don’t possess evidence that any of your personal data was accessed.”
The cyber attack caps off a torrid few months for CD Projekt, which released the highly anticipated Cyberpunk 2077 in December 2020 with
a host of technical problems, most notably on last-gen consoles, resulting in
refunds being offered and the title
being pulled from the PlayStation Store.
The company is also
facing class-action lawsuits brought against it by investors over Cyberpunk 2077’s troubled launch, who claim that the company misrepresented the title.
Last month CD Projekt’s co-founder and joint CEO
Marcin Iwinski issued a public apology for Cyberpunk 2077’s troubled launch and outlined the company’s commitment to improving the game over the coming months via a series of performance-enhancing patches, which will be followed by DLC and a next-gen update later this year.