CD Projekt Red's stolen data has reportedly been sold off by hackers

Polycount

Posts: 2,840   +574
Staff member
The story so far: Recently, we reported that CD Projekt Red's servers had been compromised by a ransomware attack. Company HR documents, as well as the source code for Cyberpunk 2077 and The Witcher 3, were swiped as part of the attack. The attackers in question then allegedly chose to list the code for auction on hacking forum Exploit.

Now, the auction has been closed, according to cybersecurity company Kela. The firm announced its findings on Twitter, noting that hackers have sold off the source code for Red Engine, as well as numerous CD Projekt Red games, to an anonymous third party.

We don't know how much the deal was worth, but the hackers reportedly asked for $7 million as a buyout (the bidding started at $1 million, however), so we assume they received at least that much. There was a condition attached to the deal, though: as part of the transaction, the hackers are barred from re-selling the data to any other parties.

It's unclear whether or not the hackers will abide by those terms, or what the consequences of breaking their word would be.

Either way, this is bad news for CD Projekt Red. Assuming they weren't involved in the purchase of the data (this is one of the more popular, if outlandish, theories we've seen), their trade secrets are effectively in the hands of an unknown person or group.

Though Cyberpunk 2077 has its fair share of issues, we certainly aren't going to dance on CD Projekt Red's metaphorical grave here. Love or hate the studio, their developers poured their blood, sweat, and tears into the games they've made, as well as the code behind them -- having all of that work exposed could be a devastating loss.

We'll keep you updated if the code surfaces anywhere else, but for now, it seems this saga has come to a close.


 

psycros

Posts: 3,384   +3,855
Anywhere in the western world, if any game pops up that uses that stolen code CDPR can quickly have authorities block its distribution. There are a number of tools that can detect copied code even in fully compiled files.
 

noel24

Posts: 717   +850
CDPR made one botched launch on last-generation, obsolete hardware.

This still compares favorably to the likes of EA or Ubisoft.
Listen, my post was kinda sarcastic. I'm a massive fan of W3, a huge fan of W2, and considering the budget and technical restraints, I consider W1 to be one of the best games in history. But with CP77 they went too far. They lost touch with reality. Most of the skilled devs left the studio after W3, due to crunch and whatnot. The CP77 story is amazing, but they must have known they were building a dud that they thought they would fix later. They went along with the scheme to keep the share value high and now pay the price. In 2019, before COVID hit my income, I genuinely believed CP77 would be my first game to ever preorder. It did not happen, and while I should feel satisfied, I kinda feel sorry. Like Ewan McGregor's Obi-Wan, I feel like "You Were The Chosen One".
 

m4a4

Posts: 2,278   +2,458
TechSpot Elite
Yeah, unless you take the source code somewhere out of reach of legal repercussions, I don't see how you're making back any of that money. So I'm wondering who was dumb enough to get anywhere close to what they're asking.

Let's hope they get caught and can't spend the money lol
 

BSim500

Posts: 783   +1,703
Anywhere in the western world, if any game pops up that uses that stolen code CDPR can quickly have authorities block its distribution.
"Anywhere in the Western World" is the issue though (definitely expect the Cyberpunk equivalent of "Sunbucks Coffee" on China's internal market)... And if the code for the multi-player part also got stolen, then also expect some high-grade Day 1 cheating tools out there on every market.
 

Peter Farkas

Posts: 532   +378
Anywhere in the western world, if any game pops up that uses that stolen code CDPR can quickly have authorities block its distribution. There are a number of tools that can detect copied code even in fully compiled files.
It may be CDPR buying it back. This way they won't be scrutinized for paying the ransom and their source code won't spread across the world.
 

terzaerian

Posts: 744   +1,072
It may be CDPR buying it back. This way they won't be scrutinized for paying the ransom and their source code won't spread across the world.
Either way I hope CDPR survives this because the goings-on around C77 have been incredibly cyberpunk - malware-infected mods taking over users' PCs, hackers breaking into company servers and selling stolen code on the dark web, flame wars over model swapping prostitutes with Hideo Kojima... **** is truly bananas, like a William Gibson novel come to life
 

Kosmoz

Posts: 137   +222
If CDPR didn't buy it back, would it be too far-fetched to say that maybe a competitor bought the source code? Like Ubi or EA or one of the others? Would they need it or find a good use for that? Reverse engineering it, or something...

I'm just asking as a curiosity...
 

BSim500

Posts: 783   +1,703
It may be CDPR buying it back. This way they won't be scrutinized for paying the ransom and their source code won't spread across the world.
Problem is, it's nothing like blackmailing a ransom payment for a kidnapped person where there's only one "original" and once they're back, they're back. In this case, the seller will certainly be using an anonymised payment method so there'd be no legal contract / way of enforcing "in exchange for the payment you guarantee you won't just take the money anyway and release it / resell it to someone else at a later date (or demand additional payments)..."
 

0dium

Posts: 193   +226
Either way I hope CDPR survives this because the goings-on around C77 have been incredibly cyberpunk - malware-infected mods taking over users' PCs, hackers breaking into company servers and selling stolen code on the dark web, flame wars over model swapping prostitutes with Hideo Kojima... **** is truly bananas, like a William Gibson novel come to life
I'm wondering the same thing. Using their code would get obvious. Big companies have the resources to make their own engines, smaller ones would rather use something like Unreal or CryEngine
 

Angga B

Posts: 129   +113
Only certain East Asian game developers would want to use the code and IP for developing their own products, which may also only be sold domestically, without caring so much about every risk and consequence any Western companies may have with such a daring act.
 

Reehahs

Posts: 1,159   +796
Is there honour among thieves? Hackers got the code illegally. They sold it at an auction. I highly doubt they will be honouring the no further sale clause.