Leading game company Ubisoft website hacked; user information compromised

A leading game company Ubisoft, popularly known for creating the Assassin’s Creed video-game series, has announced that the user names, email addresses and encrypted passwords of its account holders had been illegally accessed, leaving out their other personal information such as physical addresses, contact number etc. It is requesting all its users to change their passwords immediately.

ubisoft

Ubisoft said in an official statement:

We recently discovered that one of our Web sites was exploited to gain unauthorized access to some of our online systems. We instantly took steps to close this off and to begin a thorough investigation with the relevant authorities, internal and external security experts, and to start restoring the integrity of any systems that may have been compromised.

Ubisoft added that no personal information is stored with Ubisoft, making all the payment information mechanisms including the credit/debit card information was safe from this hacking attack. The passwords accessed are encrypted, meaning that they are not clear text but an obfuscated value, which could be cracked in case the password is weak. Hence, the company is requesting its account holders to change their passwords wherever they use the same one.

The company said that the attack did not originate from its Uplay Services; instead it targeted some of its online systems. Hence, the uptime and stability of their games’ online services were not affected. Ubisoft also admitted that this intrusion is not related to any other games company’s previous security breaches. As per the nature of the attack, it said that credentials were stolen to access their online network. Ubisoft declined to give specifics into the incident citing security reasons.

Ubisoft said that they have begun a “thorough investigation with relevant authorities, internal and external security experts, and to restore the integrity of any compromised systems.” It also said that complete immunity to such intrusions cannot be guaranteed, hence it cannot commit that there is no such risk of it happening again.

We would suggest all users to change their passwords right away and remove their store payment information as well. It is better to do a little extra every time by entering payment information than to repent later if the same gets compromised.

Posted by with Tags
Roger Dunning is a technology evangelist. He lives in New York with his wife and pet dog. You can find him 24×7 on the Internet.