CD Projekt Red’s Source Code Circulating Online
The source code that was stolen in a major Cyberattack from CD Projekt Red earlier this year is now being circulated online.
As we have previously reported, the game developer CD Projekt Red was hacked in a major cyberattack earlier this year with Cyberpunk 2077 source code being stolen as well as some sensitive employee and contractor information. The company has now confirmed that this source code is being leaked and subsequently circulated online.
After the attack and subsequent theft of source code for games including Gwent, The Witcher 3: Wild Hunt, and Cyberpunk 2077, the hackers promised to reveal the material unless the studio paid a ransom, which it refused to do.
The hackers, true to their word, began releasing the code, which CD Projekt Red attempted to keep under wraps with DMCA takedown notices.
Earlier this month databreaches.net reported that the stolen data is now “In the wild”. The source code according to them ranged from source code to internal “comedy bug reels” and that anyone who wanted to get access to this information can now do that.
CD Projekt Red made a statement on Thursday confirming this saying: “We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games.
Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach. Currently, we are working together with an extensive network of appropriate services, experts, and law enforcement agencies, including the General Police Headquarters of Poland.
We have also contacted Interpol and Europol. The information we shared in February with the President of the Personal Data Protection Office (PUODO) has also been updated.
We would also like to state that—regardless of the authenticity of the data being circulated—we will do everything in our power to protect the privacy of our employees, as well as all other involved parties. We are committed and prepared to take action against parties sharing the data in question.”
In our original article, we mentioned that the codes were put up for auction on the dark web for $1 million and a buy now price of $7million, but pulled this offer after receiving a higher offer from an outside buyer.
Then on the 31st of May that data had been shared online but was password protected and the passwords could be bought for a donation of $10. The group calling themselves “HelloKitty” apparently also posted the source code for the Gwent card game online before the auction earlier this year.
Electronic Arts also confirmed yesterday that it had experienced a significant data breach in which hackers stole the source code for FIFA 21, the matchmaking server for the game, source code, and tools for the Frostbite engine, which powers games like Battlefield, as well as proprietary EA frameworks and software development kits.
We have been following this story from the beginning and the consensus here is that the hackers are winning this war despite the efforts and the companies getting help from the “relevant authorities”, the data is still being leaked. This could be the time to beef up security within the companies themselves to prevent these major data breaches from happening in the future.