Skip to main content

CD Projekt Red hackers have reportedly started leaking their stolen data

Cyberpunk 2077
(Image credit: CD Projekt)

Earlier this week, CD Projekt Red announced that hackers had infiltrated its networks and made off with various internal documents and game source code, which the culprits threatened to release to the public unless a ransom was paid. Instead, the studio went public, vowing that it "will not give in to the demands nor negotiate" with the thieves, despite acknowledging "that this may eventually lead to the release of the compromised data."

Sure enough, that now appears to be happening. CyberNews, "a research-based online publication" that focuses on digital security, says the source code for CD Projekt's card game Gwent was posted to a hacking website on February 10 under the heading "CDProject Leak #1." Links to the leaked information on sites including Mega.nz and 4chan are now inactive, but the site was able to get a copy of the archive and said that the metadata indicates that it was taken on February 6, two days before CD Projekt Red "became aware" of the attack.

The title of the archive obviously suggests that there's more to come, and so does a readme file found inside, which warned that a second leak would occur the following day—which is now today.

CD Projekt Red said that the hackers were also able to encrypt some devices on its network, although it was able to secure its IT infrastructure shortly after the attack and had begun restoring the locked data from backups. The CyberNews report says the author of the forum post linking to the leaked data has previously written about the open-source ransomware Cobalt Strike as well as other topics indicating that they have the skills and tools required to pull off a successful ransomware attack, and cybersecurity expert Luca Mella told the site that he believes the perpetrator is related to the ransomware group HelloKitty, echoing thoughts expressed shortly after the hack by Emisoft chief technology officer Fabian Wosar.

See more

"This could mean the group is quite new and potentially growing fast after the compromise of such a high value victim," Mella said. "Many other younger affiliate may join their operations after this. CD Projekt is really popular and widely discussed among underground and gaming communities."

While known links to the leaked data have been disabled, Mella added that the archive has already been downloaded by many others, some of whom are now trying to extort their own payments. One "threat actor" who is not the author of the forum post disclosing the first leak said the source codes for The Witcher 3: Wild Hunt, Thronebreaker, and Cyberpunk 2077 would be released today, February 11. Instead of a leak to online archives, however, this information will apparently be auctioned off—anyone who wishes to get in on the action will, according to the post, have to make a deposit of 0.1 Bitcoin, which at the moment works out to about $4,800.

I've reached out to CD Projekt for comment on the report, and will update if I receive a reply.

Thanks, VG247.

Andy covers the day-to-day happenings in the big, wide world of PC gaming—the stuff we call "news." In his off hours, he wishes he had time to play the 80-hour RPGs and immersive sims he used to love so much.