CD Projekt Red Uses DMCA to Take Down Tweets Sharing Stolen Game Code

Several Twitter users said they received DMCA notices for posting a link to leaked data.
Image: Patrick T. Fallon/Bloomberg via Getty Images
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

Game developer CD Projekt Red (CDPR) got Twitter to take down several tweets that contained links to company data that hackers stole and leaked online last week

On Thursday, CDPR notified at least two Twitter users of the takedown by sending them an email via a copyright monitoring firm, according to a copy of the email obtained by Motherboard. 

"Description of infringement: Illegally obtained source code of Gwent: The Witcher Card Game. Posted without authorisation, not intended to be released to the public," the DMCA takedown notice read.


One of the users who received the notice and got their tweet taken down said that the tweet contained a link to the torrent to download the source code of the CDPR game Gwent. 

"Let's just say it wasn't anything I didn't expect," the user told Motherboard in an online chat. 

The email also contained links to tweets posted by three other users. Those tweets have also been taken down and replaced with Twitter's standard message saying the tweet "has been withheld in response to a report from the copyright holder."

On Monday of last week, CDPR announced that it had been hacked in a statement posted on Twitter, where the company also published a screenshot of the ransom request it received from the hackers. 

"An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note," the company wrote.

The leaked data shared by the Twitter users included assets from multiple versions of Gwent, a card game based on the Witcher universe. The leaked files also included a note from the hackers announcing more leaks. The hackers who posted it online were trying to sell other alleged unreleased data stolen from CDPR. One of the sellers declined to answer any questions last week, telling Motherboard in an online chat that they had "no interest" unless we paid $250 per question. As a policy, we never pay for interviews. 

CDPR did not immediately respond to a request for comment. 

Subscribe to our cybersecurity podcast CYBER, here.