CD Projekt Red hackers have reportedly started leaking their stolen data

Cyberpunk 2077
(Image credit: CD Projekt)

Earlier this week, CD Projekt Red announced that hackers had infiltrated its networks and made off with various internal documents and game source code, which the culprits threatened to release to the public unless a ransom was paid. Instead, the studio went public, vowing that it "will not give in to the demands nor negotiate" with the thieves, despite acknowledging "that this may eventually lead to the release of the compromised data."

Sure enough, that now appears to be happening. CyberNews, "a research-based online publication" that focuses on digital security, says the source code for CD Projekt's card game Gwent was posted to a hacking website on February 10 under the heading "CDProject Leak #1." Links to the leaked information on sites including and 4chan are now inactive, but the site was able to get a copy of the archive and said that the metadata indicates that it was taken on February 6, two days before CD Projekt Red "became aware" of the attack.

The title of the archive obviously suggests that there's more to come, and so does a readme file found inside, which warned that a second leak would occur the following day—which is now today.

CD Projekt Red said that the hackers were also able to encrypt some devices on its network, although it was able to secure its IT infrastructure shortly after the attack and had begun restoring the locked data from backups. The CyberNews report says the author of the forum post linking to the leaked data has previously written about the open-source ransomware Cobalt Strike as well as other topics indicating that they have the skills and tools required to pull off a successful ransomware attack, and cybersecurity expert Luca Mella told the site that he believes the perpetrator is related to the ransomware group HelloKitty, echoing thoughts expressed shortly after the hack by Emisoft chief technology officer Fabian Wosar.

See more

"This could mean the group is quite new and potentially growing fast after the compromise of such a high value victim," Mella said. "Many other younger affiliate may join their operations after this. CD Projekt is really popular and widely discussed among underground and gaming communities."

While known links to the leaked data have been disabled, Mella added that the archive has already been downloaded by many others, some of whom are now trying to extort their own payments. One "threat actor" who is not the author of the forum post disclosing the first leak said the source codes for The Witcher 3: Wild Hunt, Thronebreaker, and Cyberpunk 2077 would be released today, February 11. Instead of a leak to online archives, however, this information will apparently be auctioned off—anyone who wishes to get in on the action will, according to the post, have to make a deposit of 0.1 Bitcoin, which at the moment works out to about $4,800.

I've reached out to CD Projekt for comment on the report, and will update if I receive a reply.

Thanks, VG247.

Andy Chalk

Andy has been gaming on PCs from the very beginning, starting as a youngster with text adventures and primitive action games on a cassette-based TRS80. From there he graduated to the glory days of Sierra Online adventures and Microprose sims, ran a local BBS, learned how to build PCs, and developed a longstanding love of RPGs, immersive sims, and shooters. He began writing videogame news in 2007 for The Escapist and somehow managed to avoid getting fired until 2014, when he joined the storied ranks of PC Gamer. He covers all aspects of the industry, from new game announcements and patch notes to legal disputes, Twitch beefs, esports, and Henry Cavill. Lots of Henry Cavill.