CD Projekt warns leaked stolen data may include employee details

CD Projekt has said it has reason to believe that data stolen in a cyberattack earlier this year is now being circulated online – and that it may include “current/former employee and contractor details”.

Data stolen from CD Projekt Red in February reportedly leaked online this month, including the source code for Cyberpunk 2077, The Witcher 3 and more.

“We are not yet able to confirm the exact contents of the data in question, though we believe it may include current/former employee and contractor details in addition to data related to our games,” CD Projekt said in a statement released on Thursday.

“Furthermore, we cannot confirm whether or not the data involved may have been manipulated or tampered with following the breach.

“Currently, we are working together with an extensive network of appropriate services, experts, and law enforcement agencies, including the General Police Headquarters of Poland. We have also contacted Interpol and Europol. The information we shared in February with the President of the Personal Data Protection Office (PUODO) has also been updated.

“We would also like to state that—regardless of the authenticity of the data being circulated—we will do everything in our power to protect the privacy of our employees, as well as all other involved parties. We are committed and prepared to take action against parties sharing the data in question.”

Further reading

2

Stolen CD Projekt data including Cyberpunk’s source code has reportedly leaked

The data was originally said to have been sold at auction earlier this year

The stolen data was said to include the source code files for CD Projekt Red’s game development engine, RedEngine, and titles including The Witcher 3: Wild Hunt, an upcoming ray-traced version of The Witcher 3, Thronebreaker: The Witcher Tales and Cyberpunk 2077.

The data was originally put up for auction on the dark web with a starting price of $1 million and a buy now price of $7 million, but the seller pulled the lot, with the condition of no further distribution or selling, after receiving an outside offer which was deemed to be satisfactory, cyber intelligence firm Kela reported.

Databreaches.net claimed on May 31 that the same data from the CD Projekt breach had been shared online. According to an alleged text file posted on the Resetera forum, the files were password protected, with the password being shared with users in exchange for a $10 donation.

It’s claimed that the group in possession of the data shared software developer kits for PS4, PS5, Switch and Xbox Series X without password protection in order to prove its legitimacy. One Resetera user claimed to have obtained these files.

The ransomware attack on CD Projekt Red was allegedly carried out by a group called HelloKitty, which is said to have posted the source code of CD Projekt Red’s Gwent card game online prior to the auction earlier this year.

The culprits claimed they had stolen source code for the aforementioned games as well as documents relating to the company’s accounting, legal, HR and more.

If CD Projekt Red did not “come to an agreement” with them within 48 hours, the culprits said they would sell or leak the content.

CD Projekt Red said it would not give in to the demands and that it had approached relevant authorities including law enforcement and IT forensic specialists.

Electronic Arts also confirmed on Thursday that it has suffered a significant data breach in which hackers stole the source code for FIFA 21, code for the game’s matchmaking server, source code and tools for the Frostbite engine which powers games including Battlefield, plus proprietary EA frameworks and software development kits.