CD Projekt Red has begun the process of containing the fallout of the massive cyberattack it suffered two weeks ago. It’s currently issuing DMCA takedown notices to Twitter users with tweets linking to material stolen from CDPR during the attack — the source code for Gwent, in this case.
For clarity, the Digital Millennium Copyright Act is a law designed to prevent users from circumventing copyright by digital means, and a “DMCA takedown” is a legal notice given to a website owner or internet service provider hosting content that attempts to violate the DMCA. According to Vice, the notices were sent to at least two users, one of whom confirmed the offending tweet linked to a torrent containing the Gwent source code. The notice read: “Description of infringement: Illegally obtained source code of Gwent: The Witcher Card Game. Posted without authorisation, not intended to be released to the public.”
Gwent is among the many games whose source code was stolen by hackers earlier this month. The company revealed the ransom note from the attackers, which claimed to hold the source codes for Gwent, Cyberpunk 2077, The Witcher 3, and an unreleased version of the latter. The attackers also said, in their ransom note, to hold valuable company documents which it would release to their “contacts in game journalism” which would reveal something about CDPR, though so far the source codes still seem to be the most interesting thing stolen.
The stolen material was later allegedly sold on the dark web for millions — there was apparently an auction, but some dispute as to whether or not the materials actually sold there or outside of the auction. It’s not clear whether the torrents to which these tweets were linked came from those who committed the attack or the people who allegedly bought the stolen materials at the auction.