It seems that the cyber attack that compromised the systems of Polish game developer and publisher CD Projekt are having more serious consequences than initially thought.
The hack has been proven to be legitimate, with the ransomware group behind the attack already having leaked and sold some of the data they took from the servers. The full source code of Gwent, the popular virtual card game set in The Witcher universe has already been leaked, and allegedly the source code of Cyberpunk 2077 was sold in an auction.
The cyber attack was recently disclosed by CD Projekt itself. The company gave a brief description of what happened and reassured fans that no user information was compromised and that the company had no intentions to negotiate with the attackers. The ransom note left by the group was also shared, which claimed that source codes for Cyberpunk 2077, Gwent, The Witcher 3: Wild Hunt and an unreleased version of The Witcher 3 were all lifted from the servers, alongside a number of financial and legal documents. The note threatened the company with selling and leaking the data if an agreement wasn't reached.
It seems both sides made good on their promise - CDPR did not contact the attackers, and the attackers began selling and leaking code. The group started an online auction for the Cyberpunk 2077 source code, with an initial price of $1 million and a buyout option for $7 million on a Russian hacking forum. They soon shut down the auction, claiming to have received a satisfactory offer from elsewhere. It is not clear who bought the source code, and for how much. It was revealed, however, that whoever purchased the code did so with the condition of "no further distribution or selling".