Last February, CD Projekt suffered a ransomware attack that allowed hackers get both personal data and the source code of the video games they have developed (like the 'Witcher' saga, 'Gwent' or the popular and controversial 'Cyberpunk 2077'). Now, all that data is available on the Internet.
The attack was carried out using well-known software, like its developers, such as HelloKitty (based in turn on another pre-existing malware called DeathRansom, with which antivirus tend to confuse you) and had purely lucrative motivations, although in the first hours it was speculated with the theory that a group of enraged fans could be behind after the release of Cyberpunk 2077.
What is ransomware, how it infects and how to protect yourself
The data, available on the Internet
Well, CD Projekt has recognized today in a statement that at least some of the information extracted from their servers is available on the Dark Web, and that it could include personal data about employees and contractors, for which they have already contacted the Polish police and Europol:
"We cannot yet confirm the exact content of the data in question, although we believe that it may include old and / or current details of employees and contractors, as well as others related to our games. Nor can we confirm whether the data involved may have been tampered with after the attack".
The user who has published it, in any case, affirms that among the published information there were accounting and legal documents and information on the workforce and on investor relations.
This user does not have to be a HelloKitty memberThis group claimed to have sold the information months ago: in fact, another group called PayLoad Bin recently published the 364 GB of source code data for the entire CD Projekt catalog.
The video game developer company has also contacted the Polish data protection authority, and announced the implementation of new security measures to prevent another case like this from happening again:
"We would also like to affirm that, regardless of the authenticity of the data circulating, we will do everything in our power to protect the privacy of our employees, as well as all other parties involved. We are committed and prepared to take action against the parties that share the data in question ".