Ubisoft hacked?

[erbkaiser]

Edit: Escapist has a news thread on it now: http://www.escapistmagazine.com/news/view/125596-Ubisoft-Reveals-Online-Security-Breach

---

Has anyone else gotten an email by Ubisoft today asking your password to be reset, since they were apparently hacked?

They say usernames, email addresses, and password hashes were all stolen.

Absolutely great. Can none of these huge companies bother to accurately protect their customer data?

Link to Ubisoft FAQ: https://support.ubi.com/en-GB/FAQ.aspx?platformid=60&brandid=2030&productid=3888&faqid=kA030000000eYYxCAM

Hello All,

We recently found that one of our Web sites was exploited to gain unauthorised access to some of our online systems. We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems.

During this process, we learned that data were illegally accessed from our account database, including user names, email addresses and encrypted passwords. No personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion.

As a result, we are recommending you to change your password by clicking this link.

Out of an abundance of caution, we also recommend that you change your password on any other Web site or service where you use the same or a similar password.

An official forum thread has been created for you to post your questions.

We sincerely apologise for any inconvenience and thank you for your understanding.

 

[krazykidd]

I got one also . The problem is . I don't have an ubisoft account and my account name definately wouldn't be MasterGunnman. Don't know what to make of this.

 

[erbkaiser]

In my case it's my Uplay account they got, which I guess I have because of the Assassin's Creed games on the PS3. Hope that doesn't mean my Uplay points are now gone, I was saving up for future games (since seriously, screw multiplayer unlocks).

 

[antidonkey]

I got one as well. The only thing I've ever used it for it their Uplay crap and to download a free copy of Far Cry 3 a friend gave me. I guess I'll change the password on it.....not that there's anything worth stealing.

 

[Tom_green_day]

I didn't even know I had an Ubisoft account until I got this email.
I think it's less a case of them looking after the data badly and more a case of them... being hacked.

 

[Denamic]

Pff, I haven't used it since Assassin's Creed 2. It still uses an obsolete password, too. Couldn't care less. Good riddance.

 

[hazabaza1]

Pff, I haven't used it since Assassin's Creed 2. It still uses an obsolete password, too. Couldn't care less. Good riddance.

Considering it could have passwords that you use for other sites and the such, you probably should. At least change your password.

But yeah I got one too. Luckily it doesn't have the same name as the rest of my accounts, but still, this is really shitty.

 

[Denamic]

Pff, I haven't used it since Assassin's Creed 2. It still uses an obsolete password, too. Couldn't care less. Good riddance.

Considering it could have passwords that you use for other sites and the such, you probably should. At least change your password.

But yeah I got one too. Luckily it doesn't have the same name as the rest of my accounts, but still, this is really shitty.

Like I said, it uses an ancient password that I've long since cycled out of practice. It's probably the only thing that still uses that password. I always use randomly generated passwords, too, so there's no chance of using it to figure out my other passwords.

All passwords are encrypted, so even if they've got access to my account, all they've got is a string of gibberish and few uplay achievements that no one cares about.

 

[hazabaza1]

Pff, I haven't used it since Assassin's Creed 2. It still uses an obsolete password, too. Couldn't care less. Good riddance.

Considering it could have passwords that you use for other sites and the such, you probably should. At least change your password.

But yeah I got one too. Luckily it doesn't have the same name as the rest of my accounts, but still, this is really shitty.

Like I said, it uses an ancient password that I've long since cycled out of practice. It's probably the only thing that still uses that password. I always use randomly generated passwords, too, so there's no chance of using it to figure out my other passwords.

Fair enough. That random password thing is actually really smart. I'm way too unorganized to do something like that but that's clever.

 

[BloatedGuppy]

I got one also . The problem is . I don't have an ubisoft account and my account name definately wouldn't be MasterGunnman. Don't know what to make of this.

Is it alright with you if we just call you MasterGunnman from now on? It's kind of cool. You can get a trench coat, and grow a wicked beard, and we'll call you "MG" for short.

 

[Something Amyss]

I didn't get an email or anything. Weird.

Absolutely great. Can none of these huge companies bother to accurately protect their customer data?

The concept of foolproof security is a myth. Hacking will invariably happen to big companies.

 

[Denamic]

Fair enough. That random password thing is actually really smart. I'm way too unorganized to do something like that but that's clever.

I just use a generator and generate passwords until I get one that has a 'rhyme' to it, or a handy pattern of keystrokes. Makes a billion times easier to remember. I got the idea after I memorized my old DSL password that way. I still remember it.

 

[erbkaiser]

There is zero excuse for having all parts of vulnerable data on a single server. If you read the Ubi forums, you find that they had the usernames and email addresses essentially in plain text, and stored the corresponding password hashes on the same server.
And since Ubi says they likely got the passwords, they must have used weak security (if any) on the passwords, too.

Foolproof security is a myth as long as fools exist, but there is no excuse for lousy security due to laziness.

 

[SonOfVoorhees]

This is the problem i have with technology. They are forcing it upon you, PS4 and Xbone is more online friendly within reason, yet we cant even keep the internet we have now safe for people to use. If we cant protect our selves from hackers etc why make more consoles, phones etc dependent on online? Isnt this just creating more issues and targets?

See i payed to have my PC protected. Yet it still got bricked through people hacking it. But yet we have smart phones, ipads and now they want to add stupid google glasses etc to the list. Soon we will have fridges with internet connection (yeah, we have that now) and arseholes can hack in and turn it off and ruin your food. The future sucks, if we become 100% online based for everything, then we are screwed.

 

[chozo_hybrid]

I got it too, was wondering if it was real of or not. Just to be safe, I'll change it through the Uplay stuff, not the email link.