Hacked data stolen from CD Projekt is circulating online, the company says:. The studio behind Cyberpunk 2077 and The Witcher 3 says it cannot confirm the exact content of the data being distributed but believes it relates to its games, contractors and both current and former employees. It also warned that the data may have been tampered with or tampered with.
The revelation comes four months after the studio first disclosed it had been the victim of a ransomware attack. Initially, it said hackers had managed to access “certain data” of the company. CD Projekt posted the ransom note it received in which the hackers claimed to have access to the source code of its games, including: Cyberpunk 2077, The Witcher 3, and Gwent. The note also said the hacked data contained details related to HR, accounting and other internal operations.
The company said it would not yield to the hackers’ demands, and days later the attackers claimed to have sold the data online. However, the nature of the sale, where the hackers claimed to have found a buyer outside of a hacking forum auction, raised the question of whether they could find a buyer at all. Write in a blog postEmsisoft threat analyst Brett Callow said he thought it was “probable” that the hackers just claimed to have found a buyer to “save face” after failing to monetize the hack.
CD project has previously admitted that hackers could encrypt some of his employee data on his network. But the company said its investigation had found no evidence that the data had been transferred from the company’s systems.
The hack followed the difficult launch of the studio’s latest blockbuster title, Cyberpunk 2077. although it sold well and was initially well received by critics, players soon discovered that the game was riddled with bugs and nearly unplayable on older consoles. The situation was so bad that the game was pulled from the PlayStation Store. At the time of writing it is yet to return.
CD Projekt says it will continue to work with law enforcement and outside experts as it responds to the hack, saying it is “committed and willing” to take action against anyone sharing the stolen data.