Game Company Ubisoft Hacked, User Accounts Compromised

French video game developer and publisher Ubisoft suffered a hack of one of its websites, according to a statement published today. Customer data including names, email addresses and encrypted passwords was accessed by unauthorized third parties and should now be considered part of the public domain.

It is not clear how the breach happened, as Ubisoft declined to share all the details: “Credentials were stolen and used to illegally access our online network. We can’t go into specifics for security reasons.” However, their comment seems to suggest that a Ubisoft employee’s credentials were stolen (a spear phishing attack, perhaps?) and that those credentials were sufficient to access sensitive data.

The company prompted its users to change their passwords immediately while insisting the passwords were not stored in plain text, but rather encrypted, which makes it more difficult for the bad guys to retrieve them.

Despite coming forward and apologizing, Ubisoft is getting hit with hundreds of nasty comments on its forum, although many are uncalled for:

Congrats UBISOFT for making me change all my passwords for everything I use. Bank, Credit Cards, Email, Utilities, Cell Phone, College. How about some compensation! Your ignorance leads to unnecessary burdens on your users. This bit of having accounts compromised has grown old. Nobody learned anything from Sony. The Uplay thing is junk and there’s no reason for it. Played hawx back in 2006 forget I even had a UBISOFT account. Didn’t realize you guys even existed anymore.

If that person is using the same password for Uplay as his banking account then I really don’t feel sorry for him.

Here are some things to take away from this:

  • Do not reuse the same password on multiple online accounts.
  • Choose a strong password (encrypted passwords can indeed be retrieved if they match a dictionary word or are weak).
  • Only disclose the information required (additional tidbits you give are used for marketing purposes and are golden nuggets for identity thieves).
  • Watch out for phishing scams asking to reset your Uplay password. Now that email addresses have been collected, such scams will come out.

ABOUT THE AUTHOR

Jérôme Segura

Principal Threat Researcher