Ubisoft security fail: up to 58 million email addresses and passwords stolen


Ubisoft are the latest victims in a string of hacking attempts over the last six months or so. This one was successful in stealing the usernames and passwords of possibly all 58 million customers. The good news is that credit card details and other similar sensitive information is not stored on the server that was hacked, so private information remains safe.

From Ubisoft support:

Security update regarding your Ubisoft account - please create a new password

We recently found that one of our Web sites was exploited to gain unauthorised access to some of our online systems. We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems.

During this process, we learned that data were illegally accessed from our account database, including user names, email addresses and encrypted passwords. No personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion.

How did this happen? Which website was exploited? Where did it come from?

Credentials were stolen and used to illegally access our online network. We can’t go into specifics for security reasons.

Has any of my personal data been compromised?

The intruder was able to access account data including user names, email addresses and encrypted password. To our knowledge, no other personal information (phone numbers, physical addresses etc. was accessed). No personal payment information is stored with Ubisoft, meaning your credit/debit card information was not at risk from this intrusion.

Who is Ubisoft?

Ubisoft is a French gaming company best known for its titles like Assassin’s Creed and Far Cry. Founded in 1986, it now ranks 3rd in the US and France within its market. Users who buy the games for the PC usually find that they have to register the games for the company’s anti-piracy needs, and those who play on games consoles can track their achievements by registering. This leaves many gamers open to this most recent attack.

Hacking reported on the Ubisoft forums

Ubisoft instantly sent out emails after realizing that the attack had happened, informing users that they would need to change their passwords. The notice sent in the email was also posted on the Ubisoft forums and website to make sure all users were made aware of the issue. There is a link directly from all these communications for users to change their password.

Passwords were not the only things taken; the hackers also harvested email addresses. Due to the problems, Ubisoft is recommending that users who use the same or similar password on other sites change them too as a matter of precaution.

Ubisoft opened an official forum on the situation, and there are now three pages of discussions

  • Some customers are having problems with accessing certain parts of their account and games.
  • Others have responded with queries about other accounts being hacked into.
  • Some users are having problems with changing passwords. This could be due to the amount of people trying to use the system at the same time. Other users have noted that a day later everything has worked as it should, so if you’re having trouble, just give it time.
  • One discussion covers how deleting the account may not be the best option. According to Ubisoft’s terms and conditions, once an account is deleted all access associated to that account will also be deleted; a player forfeits everything that has been bought in the past, even though he or she may want to create a new account that definitely hasn’t had the details stolen.

Ubisoft under fire in the past

This isn’t the first time that Ubisoft have had problems with their software. In 2012, when a browser add-on for the Uplay was introduced, there was a security hole that allowed cybercriminals to place malware onto users’ computers: Ubisoft quickly installed a patch.

In April 2013, hackers found a way to buy games from the website without paying for them, including a game that hadn’t been released. The online store was temporarily closed while the hole was fixed.

Ubisoft investigating the breach

Ubisoft was alerted quickly about the breach and is now performing a full investigation. This investigation will allow authorities to catch the hackers and the company to find out how the hack happened and the steps to take to prevent it happening again. According to the website, the security team is exploring methods to make the site safe and secure.

Ubisoft Problems: Is the Security System Enough?

In light of the two problems this year, it begs the question whether Ubisoft’s security systems are really enough. While there is the focus on makes sales and building profits, with 58 million people storing their details on the site – some of them having no choice in the matter – is there enough money being spent on keeping the whole system secure?

Your email address will not be published. Required fields are marked *