Ubisoft Reveals Online Security Breach

[Andy Chalk]

Ubisoft Reveals Online Security Breach

Ubisoft is recommending that all account holders change their passwords in the wake of recent unauthorized access to its user database.

In a security update posted on the Ubisoft support site, the publisher revealed that unauthorized access to some of its online systems was recently gained through an exploit of one of its websites. That access point was quickly closed but during a follow-up investigation, Ubisoft learned that "data were illegally accessed from our account database, including user names, email addresses and encrypted passwords."

The good news is that Ubisoft doesn't store any payment information on its sites so no credit card numbers were lost, but user accounts are still potentially at risk. Ubisoft didn't specify how many users were affected by the breach but given that it is urging all users to change their passwords, it's a reasonable bet that the number roughly falls somewhere between "we don't know" and "everyone." The company also recommended password changes on sites where the same or similar passwords are being used.

A forum thread [http://forums.ubi.com/forumdisplay.php/495-Security-update-regarding-your-Ubisoft-account-please-create-a-new-password] has been created to answer any questions you may have regarding the breach, and of course Ubisoft sincerely apologizes for any inconvenience and thanks you for your understanding.

Source: Ubisoft [https://support.ubi.com/en-US/FAQ.aspx?platformid=60&brandid=2030&productid=3888&faqid=kA030000000eYZ2CAM]


Permalink

 

[Andy Shandy]

Clearly this is just part of an elaborate marketing campaign for Watch Dogs...

But yeah, changed the password ASAP.

 

[ellieallegro]

Password... Nope. F**king password... Access Granted.

 

[linkmastr001]

This article doesn't mention that they also sent out emails to Ubisoft users as well informing them of the breach (myself included)

Thank you Ubisoft for being this up front about it. I blame you for nothing.

 

[VladG]

Erm... Again? Didn't they get hacked just a month or two ago when Blood Dragon was leaked?

 

[Callate]

*Sigh* And in case anyone still wonders why so many people aren't entirely enthusiastic about the potential for an all-digital marketplace...

 

[CriticalMiss]

I bet it was those interweb pirates, probably used a trojan hearse to intercept the jigabytes! The only solution, more DRM. And fast!

Even though they get a lot of crap for being a bit shit it seems like they are at least sensible enough to act quickly when things like this happen. Although really they should be making sure it doesn't happen in the first place.

 

[Devil's Due]

Wait, Ubisoft just now found out about the NSA whistle blowing? Eh, better late than never.

In seriousness, I don't even know if I have a Ubisoft account anymore, there's so many accounts that practically every game requires a new one. MMOs, Steam, Origin, XBL, Ubisoft, etc. I forget my accounts all the time. I hope all that are affected can quickly get their passwords and account sorted out.

 

[kailus13]

What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

 

[Glaice]

Does this involve uPlay, because I can't change the password for it when the bloody site is under maintenance right now!

 

[luvd1]

Shit. I ave no idea what my password is, I only played their damned games on the 360, that will know... If I was talking to it.

 

[Foolery]

I find this hilariously appropriate. You know, all of this could have been prevented if they dropped the shoddy DRM in the first place and stopped treating potential customers like criminals.

 

[rodneyy]

What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

depends how much people have reused the same password. if its a one off use then almost noting is gained, but if they use the same for all sites they might be able, with e-mail and reused password, to log into other games. most mmos have some form of black market for ingame items. or if they people are really not up to speed on internet security it could give them access to other stuff like banking or whatever.

then they could probally sell the list of email addresses to spam bots

 

[Insideout Ink Demon]

What's the worst that could happen if I don't?

 

[Dragonbums]

What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

It's always for the lulz.

 

[Longstreet]

Just an FYI to anyone who can't remember their password (hell, i didnt even know i had one) Just go to the ubisoft.com site, press a button up top that says click here to change your password. Just enter you email adress, go to your email, press that link and enter a new password. No old password required.

(I didn't press the link in the email Ubisoft sent me to inform me of the hack because, well, they just got hacked)


Anyway, just one more example of why always online and DRM in general is the worst idea ever.

 

[Bostur]

What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

Confirmed email adresses, lots of them. The bread and butter of spammers, phishermen and crooks everywhere. And maybe they hoped for phone numbers, physical adresses and credit card numbers as well.

They don't need to thank me for my understanding, because I have none left after a dozen of similar occurences. And I'd better start bracing for the inevitable wave of new spam. At least they didn't get my phone number and postal adress this time. Getting phonecalls and letters from scammers is getting annoying.

 

[Glaice]

It's a good thing I only have Farcry 3 and Farcry3 Blood Dragon on my uPlay account..

 

[sleeky01]

What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

depends how much people have reused the same password. if its a one off use then almost noting is gained, but if they use the same for all sites they might be able, with e-mail and reused password, to log into other games. most mmos have some form of black market for ingame items. or if they people are really not up to speed on internet security it could give them access to other stuff like banking or whatever.

then they could probally sell the list of email addresses to spam bots

Very true!

In fact I'll post this interview I stumbled across 2 yrs ago. The young guy being interviewed is one Jared Psigoda who is a self-described "King of Chinese gold farming".The whole interview is interesting to watch just to get an understanding on how these gold farming companies work.

The related part to this thread is at 32:20 (I wish I knew how to post a youtube video at the correct time slot)where he explained exactly how game accounts get hacked.

Hint: Its from all the forum sites.