Ransomware victim disclosure
← All victimsCD Projekt!
Claimed by Hellogookie · listed 2 years ago
Status timeline
- ListedApr 19, 2024
- Data leakeddate unknown
At a glance
- Group
- Hellogookie
- Status
- Data leaked
- Country
- Poland
- Sector
- Technology
- Listed on leak site
- Apr 19, 2024
About the victim
AI dossier — public-source company profileCD PROJEKT RED is an independent video game development studio headquartered in Poland, home to over 1,000 employees. The studio is known for story-driven role-playing games including The Witcher series and Cyberpunk, with a focus on technical innovation and narrative quality.
- Industry
- Video Game Development
- Employees
- 1000+
- Founded
- 1994
Attack summary
Severity: high — Confirmed credential compromise and exfiltration (magnet link) of what appear to be source code or sensitive project files from a major game development studio. Potential operational impact to development infrastructure and intellectual property.The group claims to have obtained passwords and access credentials for multiple internal systems and projects (w3, gwent, thronebreaker, w3rtx). A magnet link is provided suggesting exfiltration of data, though specific content details are not disclosed in this post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- Internal system credentials
- Project access passwords
- Source code repositories (implied by magnet link)
What the group claims
How you doin? I just remembered some passwords... do you have it? ah, whatever... just leave it here... w3: oJX&S5678536Y8as%23 gwent: GyrS^&4A89x, w3rtx: NIh\*AS^8x0Xppw thronebreaker: AN87*-2047UIOSh78^X magnet:?xt=urn:btih:44134E7ADE0F85E0...
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

