Pirated data stolen from CD Projekt circulates online, the company says. The workshop behind Cyberpunk 2077 and The Witcher 3 says it can’t confirm the exact content of the data released, but believes it to be its games, contractors, and current and former employees. He also warned that the data could have been manipulated or tampered with.
The disclosure comes four months after the studio first announced it had victim of ransomware attack. He first said that hackers had managed to gain access to “certain data” of the company. CD Projekt released the ransom note it received in which hackers claimed to have access to the source code of its games, including Cyberpunk 2077, The Witcher 3, and Gent. The memo also said the hacked data included details about its HR, accounting and other internal operations.
The company said it would not give in to the hackers’ demands, and a few days later the attackers claimed to have sold the data online. However, the nature of the sale, in which the hackers claimed to have found a buyer outside of a auction hacking forum, raised questions as to whether they were able to find a buyer. Write in a blog postEmsisoft threat analyst Brett Callow said he thought it was “likely” that hackers would simply claim to have found a buyer to “save face” after failing to monetize the hack.
The CD project has previously admitted that hackers were able to encrypt some of his employee data on his network. But the company said its investigation found no evidence the data had transferred out of the company’s systems.
The hack followed the troubled launch of the studio’s latest hit title, Cyberpunk 2077. Even though he well sold and was initially well received by critics, gamers quickly discovered that the game was riddled with bugs and nearly unplayable on older consoles. The situation was so bad that the game was from the PlayStation Store. At the time of this writing, it is no return yet.
CD Projekt said it continued to work with law enforcement and outside experts to respond to the hack, and said it was “committed and ready” to take action against anyone sharing the stolen data.