Hacked data stolen from CD Projekt is circulating online. says the company. The studio behind it Cyberpunk 2077 and The Witcher 3 says it cannot confirm the exact contents of the data being disseminated, but believes it relates to its games, contractors, and both current and former employees. It also warned that the data may have been tampered with or tampered with.
The reveal comes four months after the studio first announced it had done so Victim of a ransomware attack. It was initially said that hackers had managed to access “certain data” of the company. CD Projekt published the ransom note claiming the hackers had access to the source code of its games, including Cyberpunk 2077, The Witcher 3, and Gwent. The note also states that the hacked data contains details about HR, accounting, and other internal operations.
The company said it would not give in to the hackers’ demands, and days later the attackers claimed to have sold the data on-line. The type of sale the hackers claimed was a buyer outside of one Hacking forum auction, begged the question of whether they could even find a buyer. Write in a blog entry, Emsisoft threat analyst Brett Callow said it was “likely” that the hackers only claimed to have found a buyer to “save face” after failing to monetize the hack.
CD project has previously approved that hackers could encrypt some of his employee data on his network. However, the company said its investigation found no evidence that the data had been transferred from the company’s systems.
The hack followed the troubled launch of the studio’s newest blockbuster title. Cyberpunk 2077. Although it sold well and was initially well received by critics, the players quickly realized that the game was riddled with bugs and almost unplayable on older consoles. The situation was so bad that it was the game pulled from PlayStation Store. As of now it is still back.
CD Projekt says it continues to work with law enforcement and outside experts in responding to the hack, saying it is “committed and ready” to take action against anyone who discloses the stolen data.