CD Projekt's stolen source code, internal dev videos reportedly being shared online
News

CD Projekt's stolen source code, internal dev videos reportedly being shared online

Aneesh A S  | Published on 16 Jun 2021

CD Projekt Red confirmed that it had been hit by a "targeted cyber attack earlier this year. They stated that its internal systems were compromised and sensitive information was held to ransom. After CD Projekt Red did not give in to the group's demands, the hackers announced that the source code for games such as Cyberpunk 2077 and an unreleased version of The Witcher 3 would be traded to the highest bidder. They also leaked the source code for Gwent.

The stolen data now appears to have resurfaced. As reported by security blog DataBreaches.net, a threat actor group decided to release the stolen data in order to advertise its new leaks platform. A note claiming the release of the stolen information is part of a "charity fundraising" effort from the hackers was also discovered by security software provider Emsisoft. 

CD Projekt Red

Source code folders for The Witcher 3, Thronebreaker, Cyberpunk 2077 and The Witcher 3's re-release with ray tracing have been released in encrypted folders, with the group asking for a "donation" of $10k to unlock each folder. The note also allegedly stated that sensitive information such as CDPR data, company reports and NDA forms will not be leaked to the public, but will only be shown to the media. The data dump apparently also included unencrypted software development kits (SDKs) for the PS4,  PS5, Nintendo Switch and Xbox X  to prove the leak's validity. 

It is important to note that the passwords have now been given out or cracked for some of the folders, as some internal videos of Cyberpunk 2077 are being shared in private channels.

While the more serious elements of this leak such as the source code, SDKs and unreleased assets do not yet appear to be in common circulation, it's likely only a matter of time before more of the stolen information pops up onto social media or forums. It's also not clear why the stolen data is being released following the auction. The note did mention that the leak is in accordance with the buyer in exchange for a discount, so it's feasible some form of timed-exclusive access was agreed with the buyer. The ransomware attack has already proved to be a nightmare for CD Projekt Red, with sensitive data compromised and developers at one point were left locked out of their workstations. 

Tags:
CD Projekt Red

Related Articles

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership — the 9.9 kind Building a leading media company out of India. And, grooming new leaders for this promising industry

DMCA.com Protection Status