CD Projekt RED made the news again this week, confirming it had been targeted by a ransomware attack. Gaining access to a large swathe of employee data, this anonymous hacker also threatened to release The Witcher 3, Thronebreaker: The Witcher Tales and Cyberpunk 2077's source codes, giving CD Projekt RED 48 hours to meet their demands.
CD Projekt RED subsequently refused to negotiate, instead referring themselves to Poland's Personal Data Protection office. That time limit has since expired and now, it appears these source codes have gone up for auction.
As reported by vx-underground, bids are allegedly starting at $1 million for the entire cache – which is rumoured to include The Witcher 3's next-gen upgrade – accepting $7 million for an immediate purchase. No mention was made about the employee data, but Gwent's source code has leaked separately in the meantime.
CD Projekt RED has not responded to this current development, but it offered a Twitter update last night for former employees. Confirming "we don't possess evidence that any of your personal data was accessed", it still advised people to take precautions nonetheless.
[source gamespot.com]
Comments 87
Don't have much sympathy for CDPR after the whole situation with Cyberpunk 2077.
It's a shame for the employees though, they've had a rough time before this happened.
I don't feel too bad for them after the stunt they pulled. It's an unfortunate situation though.
Why don’t CDPR put up their own auction, since they lost all the data? Actually that’s what I understood from the headline.
They are getting PWNED
I have difficulty understanding who would want to pay that much money for the source code.
What commercial value is there in the source code? I can't see it being much use to other developers really.
Only people I can think of that would spend serious money on it would be hackers looking for exploits.
@HugoRadio I know right? 7 million is enough to make a game with its own success. Or just retire instead lol
I hope those guys are comfortable about eventually going to jail.
I feel bad for the employees and some confidential data being leaked, but I couldn’t care less about their games at this point.
@HugoRadio People like those who made Genshin Impact would love to rip off another classic, just saying.
Man CD Projekt just can't catch a break recently
@rushiosan genshin didn't rip off of zelda, just saying
So we might get some more expansive mods in the near future then?
@rushiosan why would you buy a source code just to create a vastly different game. lol
@rushiosan genshin is way different to zelda lol so what is has a stamina bar as so does immortals Fenyx rising and Oceanhorn 2.
Genshin is more a JRPG and more combat heavy than zelda and has a levelling up system and is a live service game with regular events and updates.
If anything I would say Oceanhorn 2 is a rip off of zelda
@blockfight Agree.
People that are upset because Cyberpunk was a failure are forming a mob mentality and think that bad things happening to CDPR are deserved.
@blockfight Agreed. When I saw this a few days ago I joked that perhaps the hackers could fix the game, but theft is never OK.
@blockfight simple as that
@HugoRadio You'd be surprised how powerful source code can be.
Especially with botting, not sure what in the witcher they might abuse but I know source code leaks for other games often lead to bot scripts to auto grind games and inject hacked items. If the demand for that stuff is up there, you're looking at huge profits over time. I think the value for the witcher might be on the high end though, not really too sure what people would do with scripts in that game.
Idk about anyone else but TF2 has been unplayable for me due to the auto leveling bots since the source leak. Clearly though whoever is using them is making a fortune on the steam market with engineer gaming bot.
$1 million? Who the hell is going to pay that? And then once you pay it, what's to stop the perps from simply publicly releasing the code anyway and rendering your investment literally worthless?
So why would anyone pay some criminal like this? They don't exactly come off as trustworthy.
@Kimyonaakuma Yeah... :/
And when you pay that money, you're guilty of buying clearly stolen goods... It sounds like they're trying to make the money that they thought they would get in ransom.
@iulis84 Probably not empty, eh?
So people hate CDPR right now. That does not make what the hackers did okay. Personally, I dislike those smug criminals much more than the guys who messed up the product people were looking forward to.
@TNLGUY And, you know, if a product is not up to scratch, don't buy it. Return it. Don't buy from them in future. But we're not all owed perfection. Life doesn't work like that!
I find it quite bad that people who were disappointed that a game not turning out how it was promised and hyped to turn out means it is justification why this happened and then they some how deserve it. People's perspective on what is right and wrong are too easily skewed just because they feel they have some right to a piece of software or anything that has a large following these days like games, movies and tv shows.
I get CDPR is under hot water for what happened with Cyberpunk but some of y'all saying "I have little sympathy for them" or "I don't feel too bad for them" are taking reactions way too far into the mob mentality direction just because they screwed up a game launch
I have to agree that the only potential buyers here would be Chinese rip-off game companies.
Pirates and modders aren't gonna pay millions. Legitimate industry competitors aren't going to get their hands dirty. This source code would only be valuable to a big-enough company; one which doesn't have to care about IP laws and has access to a market of consumers who also are willing to pay money for clearly ripped-off products.
Also I don't really see how this very-public transaction could do anything other than lead authorities directly to the hackers. "Following the money" is basically policework 101 these days, even if they use cryptocurrency.
Its sold! Yikes guess someone paid up the full $7m
@DanielRivers yeah it was me. I'm going to invite Taylor Swift over if she wants to read through it with me.
Yeah cuz someone gonna actually buy that?
CDPR management should all step down immediately. Their decisions are being met with some major repercussions. yeah it's all illegal blah blah blah, but literally none of this would have happened had they not completely botched cyberpunk's development, then attempted to capitalize on it anyway. the ripple effects are going to keep on rollin through 2021.
Everyone who bought there game should message them and tell them it'll be okay after a few updates.
Considering how serious of a crime this is, I don't give a damn about how bad Cyberpunk was, this is not deserved on anyone. We can't let morals or emotions dictate what's right and what's wrong from a judicial perspective.
Also, most ppl got their refunds that were unhappy with it after the launch, if you bought it after the reviews and opinions were out there on the Internet, that is not on CDPR, that is on you, so stop complaining about this, it has become pathetic at this point.
There's been enough media coverage (to aid, you know, common sense and logic) for everyone remotely in the field to know that the auction is about consciously stolen data and no buyer could use it without eventual repercussions for anything but a home drive stash. 7 million real-life bucks for a real-life analogue of a cursed ring? Wheee~
@Crockin' "literally none of this would have happened had they not completely botched cyberpunk's development, then attempted to capitalize on it anyway"
O sancta simplicitas. But this pearl of thought befits the fan logic alright.
The mental gymnastics people jump through to justify crime. Illegal ROM sites are okay because they preserve games. Leaking Nintendo's assets is okay because it helps us get to know a company that's too secretive. Auctioning off stolen source code is okay because CDPR deserves it. It's all bull$hit. All of that is illegal, and it's as simple as that. But for those of you who aren't very far along in your intellectual development, who still think simple is simplistic, and who require further explanation, the property rights which justify why all of that is illegal are real, and are important. The reasoning behind these crimes is neither.
@blockfight CDPR used to outright steal other people's work. They used to pirate Western games, hack and crack them, burn them onto CDs and then sell them as their own on the Black Market in Eastern Europe. They are not the saints they pretend to be.
And when people were pirating copies of The Witcher 2, they hired a German law firm (which they vehemently denied) to send out letters. Only those letters weren't "cease and desist" letters — they were flat out extortion demands: "buy a copy of our game and we won't prosecute". AND then sent out letters to legit owners of the game despite assurances that their software for pirate copy detection was foolproof. They can't even do that right.
So, please, don't feel sorry for them. They've had this coming for a long, long time.
@nhSnork You're very wrong there. It's being sold on a venue that routinely sells this sort of stuff so yeah, it'll get sold and for plenty.
@BradT If you have accusations like these, at least provide some source that can undersupport your statement. "Trusting" random accusations on an Internet comment section is one of the worse ideas ever.
@BradT so basically for personal collection indeed. Well, in theory it's still not THE most perverse to spend big money, I suppose. In theory.
@TheFrenchiestFry They've done way worse than that. They consistently been lying to everyone for years. To their investors, to their partners, to their employees and to their consumers. They were pirates who stole other people's work and sold it as their own. They've made up tons of stories about being victims in the past and now they're finally truly victims of their own wrong doings.
Just how many times does someone have to deceive you, outright lie to you, before you'll see them for what they are?
@TAndvig In several interviews, they'd admitted to their past piracy practices. It's how they started their company. It's where they got their name from, FFS.
Such a shame for a big European studio. As if the Cyberpunk backlash hasn’t hit them badly enough. I was looking forward to playing it in a few years when I catch up to current gen, or even a Witcher 4. I worry this could SINK them.
@TryToBeHopeful This isn't about perfection. It's about deception. It's not just a game that's riddled with bugs and glitches. It's a broken and unfinished game that somehow managed to get Gold certification. Do you get what that means? There's no way in hell that happened legitimately, not in the state the game was in at launch. Do you not understand just how deep this crap goes?
@BradT Is it really so difficult providing links to support what you're saying? So in other words it's just *****. Well nice try dude.
I'm sympathetic. Witcher 3 was amazing with all the fun times I've had with it... CyberPunk I've stayed away from so I can't speak for that from personal experience. But point it, this is terrible for CDPR. Really the person, or people, who are doing this are real dirt bags. Why halt all their attempts to make it better and make it worse? I'd love to see it happen to them if the tables turned and see how they feel. Lose your job, for example, and then have someone steal your car and demand you pay them for it. Honestly, what's their goal here? (I know how Ransomware works, I'm not talking about that) Teach them a lesson?
@quigtendo I only hope it does. They literally got away with murder with The Witcher 3. Apparently people have the memory of swiss cheese. It had a rough launch as well with plenty of very angry people regarding the state the game was in and their early patches just made the game worse and worse. Then a 2 month delay for the next huge patch had people fuming. No one remembers any of that. I'd point to CDPR's own forums for proof but CDPR wisely chose to pretend they'd been hacked and deleted all threads, installed a new forum with amped up security and then began releasing those free DLCs and suddenly they were the media darlings once again.
They get away with ***** because people let them. They're too easy to forgive and forget and that's what led to the disaster that was Cyberpunk 2077. They genuinely believed they could get away with releasing a half-baked and broken game and that the world would praise it while waiting two years for patches (AND MODS) to fix their game.
Both are terrible. CDPR and the hackers. I don’t have to pick a side because both of them have committed criminal acts in their pursuit of money.
@BradT You're making pretty large incriminating statements but do you actually have sources that back this stuff up? I've never heard of any of the things you're talking about
Everything and everyone seems to hackable. Which is why smart homes and the internet of things can go and f*ck themselves.
Nobody is going to pay that kind of money for stolen source code. CD Projekt did the right thing by not giving into their demands. When companies don't play ball with hackers, the hackers start to lose their incentive to do it in the first place.
CDPR literally got away with murder?!
By all means, dislike the company, but experiencing schadenfreude about employee data being hacked is really miserable.
@BradT I see you make an impassioned point.. but if I chose to boycott every single company with some dodgy practice I’d probably end up playing chequers I’d made from pebbles in a wooden hut, living off berries and lichen. Let’s not forget Nintendo’s sometimes anti consumer behaviour.
@BradT "They literally got away with murder with The Witcher 3."
Literally? Did you mean to use that word there?
@BradT you might want to pick up a dictionary and learn the meaning of "literally", before making such bold statements and failing to provide any concrete source.
Big companies like Capcom can deal with this, but what about indie companies? when you get cry babies who say I want this game on my system, and they do crap like this? this is wrong. It is sad that 5 year old children who live on their mommie's basement, or you know full grown adult over priveleged gamers who think the world owes them every thing
i just hope this does not becomes an everyday thing with game developers.
We will hold CD Projekt Red's information ransom for.....
@MARl0 "When companies don't play ball with hackers, the hackers start to lose their incentive to do it in the first place."
Nah. Hackers will still hack. In a lot of cases, they're happy just to earn the notoriety for their exploits. Those in the "scene" know exactly who these guys are (or at least their hacker pseudonyms) and are applauding them. If they can profit from it, then they will, but that's not their sole motivation.
@BradT Your knowledge of CD Projekt's history does not appear to be entirely accurate. According this Eurogamer article (linked below), at the time the founders got their start in the gaming business as high schoolers, buying and selling pirated software was considered perfectly legitimate in Poland with huge flea markets operated for exactly that purpose. When they started their own company, they decided to go legit and paid licensing fees to the original publishers for the rights to import and distribute their software, and they combated piracy by adding value to their products with extras that pirates would be unable or unwilling to provide. Their first big success was a licensed version of Baulder's Gate where they did the localization work themselves and included enough value added extras that the pirates at the local flea market simply couldn't compete. Why pay $15 for a pirated copy of the game when you could pay $30 and get one in your native language along with a Dungeons & Dragons rulebook, a cloth map, and a soundtrack CD? They sold 18,000 copies the first day.
So whatever else you might think about the company, they at least did it right in the beginning.
https://www.eurogamer.net/articles/2013-11-06-seeing-red-the-story-of-cd-projekt
I actually feel terrible for the developers. They're the ones who are going to be hurt most by this. And why CDPR? Why not Activision or EA if you're going to go after bad companies that ruin games/franchises? They are the ones that need to go if the industry wants to get better.
Well, with the source code out there I guess I won't be playing Witcher 3 anymore. I don't need hackers and modders ruining that game now like they did with Warzone.
Wasn’t a Witcher 3 fan at all. Played cyberpunk on base PS4 and was truly shocking that it was released in a broken state for such a hyped game. Different games I know but felt the same way as alien colonial marines when that came out xxx
@Tasuki Witcher 3's not even an online game, so that wouldn't even affect you. And there are loads of excellent mods for Witcher 3, many of which greatly improve gameplay, let you customise Geralt or do a bunch of other cool things. And Warzone on console has tons of cheaters now, thanks to devices like the Chronus Zen, which not only allows for mouse/keyboard support on console, but for custom user scripts and cheats.
What good is stolen source code? Any developer or publisher who used it would be sued into bankruptcy.
@Heavyarms55 Hacker and modder groups can now be able to create cheats and hacks for games.
@BradT
You are making really serious Statements against this Company without any Proof and you are talking to others in a really bad Tongue.
Shame on you.
@Tasuki Okay cool and all. But who would spend hundreds of thousands or millions of dollars on it?
@Heavyarms55 Not cool man. Hackers and modders ruin games look at Warzone for example. Not cool at all.
@CerberusAzdin EPICALLY
@Tasuki I mean I agree in any form of multi-player game 100%. But in single player titles I see no harm in it at all. I've played a lot of rom hacks, they can be a lot of fun. Like I once played a Pokemon zombie apocalypse game. And before Pokemon Heart Gold and Soul Silver, someone remade G/S/C using the GBA game engine. It was pretty awesome.
But what I don't understand is why anyone would pay money for the source code, just to make fan mods and fan games.
@BradT I don't remember you posting here before. But since we are all idiots, I must be too stupid to ever have need to read you again.
Ignored.
@Azuris I'm slow today, or I would have realized that this is a self-labelled troll account. Pronounce "Brad T" quickly - it sounds like Bratty.
@Kimyonaakuma you do realize a big part of that was based on pressure from consoles to have it come out on old hardware.
Auctioning off source code? What good would that do if it's their intellectual property? More importantly, what difference does it make if we already have mods for both games?
You’d think CDPR walked into your house and set it on fire with how people are up in arms about Cyberpunk. It’s not like they took people’s life fortunes. It was a videogame FFS. Refunds were offered. It won’t be the last time a game comes out that does not align with expectations.
No company deserves to be digitally ransacked and subsequently extorted. I really hope these persons are found and put in a cage. I feel for them and am disgusted at how utterly self righteous people are behaving like shareholders because they paid $100 or so for a videogame ..
Just goes to show how dumb people are
Anyone that thinks this is ok needs to get a life.stop living in you mamas basement and get a life
@BradT What a load of crap.
Did you know that Coca Cola created Fanta for the Nazis seclusively during the war? And people still drink it and almost forgot about it.
Did you know that early IBM machines were manufactured for legislation in concentration camps to speed the process of "interns"? And the company still functions even more than before.
Every company on this damn world had done terrible things and compared to that CDPR are saints.
Just because they did things that are't OK, doesn't mean this IS OK... Then again if they auction the code, they can be tracked down, right? If someone is stupid enough to buy it for whatever reason, they can't do anything with it, can they? I guess I just don't get it...
@echoplex yeah but that would just essentially be giving the hackers the money they want- and they already said they weren't going to negotiate, so...
Hold on so do we know the hackers demands or not? This is the one thing im confused abt
Does anyone else remember a couple of years ago when CDPR was treated as the creators of one of the best RPGs in history?
Then, a poor business decision was made, and they are now the digital devil?
Well, I guess everyone loves a good witch burning!
In all seriousness, since I started working for software companies in the late 90s I have seen a lot, some of which could be considered much worse. They are definitely not the first company to botch a launch. Be grateful it was only in the entertainment sector, and not medical or finance!
The one thing a lot of people don't seem to understand in this witch hunt against CDPR is that are a lot of factors that come into play when it comes to releasing a product that you know isn't ready. It usually has nothing to do with a mustache-twirling greedy villain, but sometimes miscommunication, investors and stockholders being tired of waiting for their ROI, and demanding no more delays or they stop paying the bills. Maybe there was a lot of turnover in QA or Dev (or sickness) that threw off the entire schedule. It could have been a million different little things that led to one big launch snafu.
What has now happened to them is absolutely horrible, and I would not wish it on anyone. I hope that the hackers are caught and fully prosecuted.
Man, if I cared about The Witcher 3, I'd be upset too
@Tasuki Sir, how does one join the dark order? I have a feeling this is a franchise I'm not familiar with, but I'll go ahead and make some sort of joke about goat sacrifice anyway.
@Jayofmaya It's actually a wrestling stable from All Elite Wrestling.
@Tasuki Ahhh, that would make sense as to why I am clueless. I just played some of the old ps2 wrestling games back in the day, that'sthe extent of my wrestling knowledg. XD
Tap here to load 87 comments
Leave A Comment
Hold on there, you need to login to post a comment...