For a starting bid of $1 million USD.
UPDATE (2/10/21, 11:42 p.m. EST): CD Projekt Red has recently been involved in a cyberattack where the original source code for Cyberpunk 2077, The Witcher 3 and Gwent, among other internal data, were stolen. The perpetrators left a note threatening to sell the stolen data if CD Projekt Red didn’t agree to pay their ransom within 48 hours. Now, it looks like the hackers are taking action by auctioning off the source codes.
CD Projekt Red took a strong stance with the public statement: “we will not give into the demands nor negotiate with the actor, being aware that this may eventually lead to the release of compromised data.” According to sources, the hackers have surfaced on a Russian hacking forum called Exploit. A user by the name of redengine has claimed to have the source code for Cyberpunk 2077, The Witcher: Wild Hunt and Thronebreaker: The Witcher Tales and will be selling off the data today with a starting bid of $1 million USD but will also accept a flat payment of $7 million USD. Some users have already reported seeing small bits of CD Projekt Red’s files surfacing online, which could be the work of the perpetrators.
ORIGINAL STORY (2/9/21, 11:26 p.m. EST): CD Projekt Red, developers of Cyberpunk 2077, has recently fallen victim to a recent cyberattack.
The company revealed the situation on Twitter, showing a ransom note the hackers left behind. “Yesterday, we discovered that we have become a victim of a targeted cyberattack, due to which some of our internal systems have been compromised,” wrote CD Projekt Red. “An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note the content of which we release to the public.”
The opening line of the note reads, “your have been EPICALLY pwned!!” Next, it explains CD Projekt Red’s source codes and internal documents for The Witcher 3, Gwent and Cyberpunk 2077 have been stolen and that they would be sold or leaked if the ransom is not paid. CD Projekt Red has been given 48 hours to decide. “We will not give into the demands nor negotiate with the actor, being aware that this may eventually lead to the release of compromised data,” wrote CD Projekt Red wrote in response. “We are taking necessary steps to mitigate the consequences of such a release, in particular by approaching any parties that may be affected due to the breach.”