Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Hackers Auction Alleged Stolen Cyberpunk 2077, Witcher Source Code

Hackers Auction Alleged Stolen Cyberpunk 2077, Witcher Source Code

Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were stolen in a ransomware attack.

Yesterday, CD Projekt suffered a ransomware attack where the attackers claim to have stolen unencrypted source code for Cyberpunk 2077, Witcher 3, Gwent, and an unreleased version of Witcher 3.

As part of the double-extortion attempt, the attackers threatened to release or sell the stolen data if CDPR did not pay the ransom.

This attack was later confirmed to be conducted by the HelloKity ransomware group.

When disclosing the attack, CD Projekt stated that they would not give into the ransom demands and are restoring from backups instead.

Also Read: 15 Best Tools For Your Windows 10 Privacy Settings Setup

Threat actors begin to auction allegedly stolen data

Today, security researcher VX-Underground tweeted that the threat actors have started to auction what they claim is stolen data from the CD Projekt attack.

This data allegedly includes stolen internal documents, ‘CD Projekt offenses,’ and the source code for Cyberpunk 2077, Witcher 3, Thronebreaker, and an unreleased Witcher 3 version with raytracing.

Auction post for CD Projekt Red files

The starting price for this auction is $1 million with bid increments of $500,000 and a ‘blitz’ or buy now price of $7 million.

To prove the stolen data’s validity, the seller known as ‘redengine’ has shared a text file containing a directory listing from the alleged Witcher 3 source code.

Cyber intelligence firm Kela told BleepingComputer that they believe the auction to be legitimate due to the directory listing and the demand to use a middle man to handle the sale.

“The seller is requiring buyers to use a guarantor and have a deposit – this user is new to the forum, but we think that maybe this is a known user that just created a new account in order to prevent them from being traced by researchers.”

“Additionally, the demand for using a middleman seems to be their way to ensure that there is no scam that will occur,” Kela threat intelligence analyst Victoria Kivilevich told BleepingComputer.

Alleged Gwent source code released for free

A threat actor who claims to be part of the HelloKitty ransomware operation told BleepingComputer that the auction is only being held on the well-known cybercrime forum

As part of this data leak and to further prove the data’s validity, this threat actor released a 21 GB archive for free on hacker forums that allegedly contains the source code for the Gwent card game.

Directory listing of alleged Gwent source code

BleepingComputer has not been able to verify if the source code is legitimate independently.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

BleepingComputer has contacted CD Projekt to confirm if this leaked data is legitimate but has not heard back.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us