Earlier this year, CD Projekt confirmed it had been hit by a “targeted cyber attack” that saw its internal systems compromised and sensitive information held to ransom. After CD Projekt said it would not comply with the group’s demands, the hackers announced that source code for Cyberpunk 2077, Gwent and an unreleased version of The Witcher 3 would be auctioned to the highest bidder, and source code for Gwent was publicly leaked.
At the time, the hackers claimed they had received a satisfying offer for the information, and the auction was then closed with a condition of “no further distribution” agreed with the buyer. But that stolen data now appears to have resurfaced, with source code, assets and software development kits for platforms including the PlayStation 5 seemingly being shared online. Eurogamer has also seen internal development videos showing work-in-progress builds of Cyberpunk 2077.
According to security blog DataBreaches.net, earlier this week a threat actor group decided to release CD Projekt’s information in order to promote its new leaks platform. A note from the hackers was also discovered by security software provider Emsisoft back in March (via IT Pro), and an uncensored version of this was shared on 4chan yesterday (the link provided in the note no longer works, but the data is now being shared elsewhere). The note claims the release of the stolen information is part of a “charity fundraising” effort – although as the group is asking for payment in cryptocurrency, there’s no way to guarantee that’s actually going to a good cause.
Source code folders for Thronebreaker, The Witcher 3, The Witcher 3’s re-release with ray tracing, and Cyberpunk 2077 have seemingly been released in encrypted folders, with the group asking for a $10k “donation” to unlock each one. The note also claims that sensitive information such as “CDPR data, company reports, NDA” will not be leaked to the public, and will only be shown to the media. The data dump apparently included unencrypted software development kits (SDKs) for “ps4/ ps5/ switch/ xboxX [sic]” to prove the leak’s legitimacy, with some users on 4chan and ResetEra claiming to have accessed these files. SDKs are essentially tools and resources provided by platform holders to help developers, well, develop games for a particular hardware platform.
It seems passwords have now been given out or cracked for some of the archives, as internal videos of Cyberpunk 2077 are being shared in private channels. So far, these seem to be fairly silly clips made by the developers – likely only intended to be shared internally. I’ve seen one showing an internal build from September 2019 featuring a crumpled NPC rolling around on the floor, with the X-Files theme playing over the top. Other videos and images show model swaps with chickens, and one shows Arasaka soldiers jiggling to the sound of viral song Harlem Shake.
Eurogamer contacted CD Projekt for comment on the release of the stolen data, but is yet to hear back at time of writing.
While the more serious elements of this leak such as source code, SDKs and unreleased assets do not yet appear to be in common circulation, it’s likely only a matter of time before more of the stolen information bubbles up onto forums and social media. It’s unclear why the stolen data is now being released following the auction – the note does mention that the leak is “in accordance with the buyer in exchange for a discount”, so it’s possible some form of timed-exclusive access was agreed with the buyer. The ransomware attack has already proved to be a nightmare for CD Projekt, with sensitive data compromised and developers at one point left locked out of their workstations. It seems likely we’ll hear plenty more about this leak in the days and weeks to come.