CD Projekt Red’s stolen data has reportedly been sold off by hackers
Recently, we reported that CD Projekt Red’s servers had been compromised by a ransomware attack. Company HR documents, as well as the source code for Cyberpunk 2077 and The Witcher 3, were swiped as part of the attack. The attackers in question then allegedly chose to list the code for auction on hacking forum Exploit.
Now, the auction has been closed, according to Cybersecurity company Kela. The firm announced its findings on Twitter, noting that hackers have sold off the source code for Red Engine, as well as numerous CD Projekt Red games, to an anonymous third party.
We don’t know how much the deal was worth, but the hackers reportedly asked for $7 million as a buyout (the bidding started at $1 million, however), so we assume they received at least that much. There was a condition attached to the deal, though: as part of the transaction, the hackers are barred from re-selling the data to any other parties.
It’s unclear whether or not the hackers will abide by those terms, or what the consequences of breaking their word would be.
Either way, this is bad news for CD Projekt Red. Assuming they weren’t involved in the purchase of the data (this is one of the more popular, if outlandish, theories we’ve seen), their trade secrets are effectively in the hands of an unknown person or group.
Though Cyberpunk 2077 has its fair share of issues, we certainly aren’t going to dance on CD Projekt Red’s metaphorical grave here. Love or hate the studio, their developers poured their blood, sweat, and tears into the games they’ve made, as well as the code behind them — having all of that work exposed could be a devastating loss.
We’ll keep you updated if the code surfaces anywhere else, but for now, it seems this saga has come to a close.