The stolen CD Projekt source code auction has closed, reports darknet company Intel service KELA now, as a “satisfactory offer” is accepted. It is not clear to which part the source code was sold, even if the buyer is said to have paid enough without saying that the information will no longer be distributed or sold on an ongoing basis.
Earlier in the week, the CD Projekt said it may not participate in the ransom demands or negotiate to regain its data.
The stolen source code of Cyberpunk 2077, card battler Gwent for free play, and an unreleased version of The Witcher 3 have reportedly already appeared at auction after developer CD Projekt refused to fall to ransom demands by hackers following a breach of its servers.
Yesterday, CD Projekt released a statement saying the “unidentified actor” had obtained unauthorized access to his internal network over the weekend and collected various data. The offensive note gave the developer 48 hours to “come to an agreement” regarding the source code and documents -—relating to accounting, administrative, legal, HR, and investment -—olen from its servers; otherwise, they could start leaking online.
For its part, the CD Projekt has promised that it may “refuse to meet demands or negotiate with the actor, being aware that this might eventually cause the release of the compromised date.” It also said it had been taking “necessary steps to mitigate the results of such a release, especially by approaching any parties which will be affected.”
With 48 hours running out, however, it seems that hackers are preparing to take action. Tom’s Hardware reports (based on information from vx-underground) that samples of Gwent’s source code have already been disclosed online, with full code—alongside that of Cyberpunk 2077 and uninstalled, possibly files related to the next version of The Witcher 3—set to be auctioned later today. The first bid for the full repository is approximately $1,000 USD.
CD Projekt has yet to respond to the latest issue, but it commended its former employees for taking precautionary measures following the leak of a tweet review posted last night. “As of this moment,” it noted, “we don’t possess evidence that any of your personal data was accessed.”
