'%20x='0'%20y='0'%20height='100%25'%20width='100%25'%20%0A%20%20%20%20%20%20%20%20%20%20xlink%3Ahref='data:image/jpg;base64,/9j/2wBDAAYEBQYFBAYGBQYHBwYIChAKCgkJChQODwwQFxQYGBcUFhYaHSUfGhsjHBYWICwgIyYnKSopGR8tMC0oMCUoKSj/2wBDAQcHBwoIChMKChMoGhYaKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCgoKCj/wgARCAAGAAoDASIAAhEBAxEB/8QAFQABAQAAAAAAAAAAAAAAAAAABAj/2gAIAQEAAAAAlw//xAAUAQEAAAAAAAAAAAAAAAAAAAAA/9oACAECEAAAAH//xAAUAQEAAAAAAAAAAAAAAAAAAAAB/9oACAEDEAAAAH//xAAbEAACAgMBAAAAAAAAAAAAAAACAwEREBITMf/aAAgBAQABPwAWJ5AMos4uy39x/8QAFBEBAAAAAAAAAAAAAAAAAAAAAP/aAAgBAgEBPwB//8QAFhEBAQEAAAAAAAAAAAAAAAAAAQAR/9oACAEDAQE/AF2//9k='%3E%3C/image%3E%3C/svg%3E)
A few days ago, CD Projekt announced that a hacker(s) had stolen data from their private servers and was hoping to extract a ransom in exchange for not leaking the data.
Rather than negotiating with the thief, CD Projekt instead went public with the information and informed the public exactly how much the hacker had managed to steal. Following this turn of events, the unknown hacker(s) has followed through on the threat and released the source code for GWENT online.
Why just leak GWENT?
Following the hack, CD Projekt received a ransom note claiming that the hacker(s) managed to steal the source code for Cyberpunk 2077, The Witcher 3 (including an unreleased version), and Gwent. If these claims are accurate, then it’s clear that GWENT is arguably the least valuable IP.
But it’s likely that the hacker(s) is still holding out in hopes of getting some kind of ransom. Releasing the GWENT source code gives their threats credibility, and they may be trying to intimidate CD Projekt into paying some kind of ransom.
The hack stole data which would only be of value to CD Projekt, though the hacker(s) seems to believe that leaking this data would somehow harm CD Projekt’s reputation.
CD Projekt holds firm and refuses to give in
CD Projekt likely values The Witcher 3 and Cyberpunk 2077 source codes more than GWENT’s, but seems to be committed to their current course of action. CD Projekt has not yet responded to the GWENT leak on Twitter, and it doesn’t look like they intend to.
It’s likely that they see no reason to respond or negotiate with the thief in any way whatsoever. With data theft like this, even if they were to pay the ransom there would be no way of knowing if the hacker(s) ever gets rid of the data in question. Even if they do pay, CD Projekt may find themselves in a similar position months, or even years, later.
With all that in mind, it seems smarter to just let the data leak and deal with it now rather than months or years later. Additionally, by involving investigators early, there is a higher chance of whoever perpetrated this hack being caught.
For now, there isn’t much for CD Projekt to do except inform anyone with compromised data of what exactly might be at risk, something that might take a good amount of time to figure out.
