Earlier this week, CD Projekt Red issued a statement that the studio would not be caving to demands of a hacking group that stole source code from Cyberpunk 2077, Gwent, and The Witcher 3. After its statement went public, the hacking group has reportedly sold off the data they obtained.
Kela is a cybersecurity firm that just posted a few screenshots from a forum that revolves around hacked data called Exploit. It is in those screenshots of an auction of the alleged collected data with the result being a request from the buyer in question. According to both Kela and another cybersecurity account called ‘vxunderground’, the auction is closed and the data has effectively been sold.
Just in: #CDProjektRed AUCTION IS CLOSED. #Hackers auctioned off stolen source code for the #RedEngine and #CDPR game releases, and have just announced that a satisfying offer from outside the forum was received, with the condition of no further distribution or selling. pic.twitter.com/4Z2zoZlkV6
— KELA (@Intel_by_KELA) February 11, 2021
Update: we have confirmed the auction has closed. Someone has indeed purchased the material.
Image courtesy of @DrFurfagMD pic.twitter.com/TnQVqTiM5w
— vx-underground (@vxunderground) February 11, 2021
For context, the news of the data hacking broke on February 9 when CD Projekt Red posted a screenshot of the message it received regarding the stolen data. “We will not give in to the demands nor negotiate with the actor, being aware that this may eventually lead to the release of the compromised data,” responded CDPR. “We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.”
The Polish studio is in talks with local law enforcement and the president of the Personal Data Protection Office as part of an ongoing investigation. It’s unclear who purchased the breached data but according to the initial threat, it also includes an unreleased version of The Witcher 3 and documentation that could mean immense harm to the developers that work at the studio.
Also included in the data breach is personal developer information, source coding for the games themselves, and more. The details of the contents aren’t public at this time, but this sale could change that in the near future.
[Source: Kela via The Verge]