Ubisoft, creator of popular games such as Assassin's Creed and the Just Dance series, has revealed its cloud hosting database containing user account information was compromised by hackers. As such, all users are encouraged to change their passwords at once.
“We recently discovered that one of our web sites was exploited to gain unauthorized access to some of our online systems…During this process, we learned that data had been illegally accessed from our account database, including user names, email addresses and encrypted passwords,” the company said in a statement.
Ubisoft: No Financial Data Compromised
The company assured users their personal financial data is safe because it is not stored in this database. All credit and debit card information remains safe.
Regardless, it is imperative users change their passwords immediately. Additionally, users should be mindful of other web pages they frequent where they use the same login information, or at least the same password. These should also be changed. “Out of an abundance of caution, we are recommending all our users change their passwords.”
Ubisoft: Taking Preventative Steps
Although they have no idea who is responsible (or so they say in their press release, which provided very little information regarding the attack), they assure users they are taking steps to tighten up security on the cloud hosting gaming site.
“Ubisoft security teams are constantly exploring all available means to expand and strengthen our security measures against such criminal activities in order to better protect our customers,” read the statement.
“Targeted Internal Online Systems”
Users of Ubisoft's Uplay service, where customer data is stored, were apparently not affected by the security breach. Uplay, introduced in 2009 to provide digital distribution and social features across all of the company's games, was compromised in 2012 after a browser exploit was discovered with a certain plugin. This exploit allowed malicious websites access to player computers.
Said an Ubisoft representative of the latest hacking incident, “The attack did not originate via any Uplay services, the intrusion targeted some of our internal online systems.”
Upon discovering the exploit from 2012, Ubisoft made a “forced patch” in order to correct the issue. Users had to update their Uplay PC app without an open web browser in order to update the plugin properly.
Not Much Information
Due to security concerns, Ubisoft isn't giving up much information. They released no details as to the number of accounts affected or who is responsible. What they did confirm: the hack was made possible after an Ubisoft employee's credentials were stolen. The hacker used these credentials to log into the Ubisoft online network.
“Unfortunately, no company or organization is completely immune to these kinds of criminal attacks,” the statement said. They assure users that a “thorough investigation with relevant authorities” is being conducted with “internal and external security experts” to “restore the integrity of any compromised systems…We sincerely apologize to all of you for the inconvenience. Please rest assured that your security remains our priority.”
Not The Only Time Gaming Site Targeted
In 2011, Lulz Security claimed responsibility for hacking the gaming magazine The Escapist along with the login server for the MMO game EVE Online, the login server for the game League of Legends, and the login server for Minecraft.
LulzSec never said why they hacked these games, but there was speculation in the gaming world that it was because of talk going around that EVE was going to have a PlayStation version. There was no confirmation of this, however, so it remains speculation.
What all of these attacks show is that it doesn't matter what content your servers host, or how popular you think your site is. There might be a hacker in the wings, waiting to sneak in and steal your customer data.
(October 30, 2019) Ubisoft, a gaming company, reports a 93% drop in the frequency of DDoS attacks aimed at Rainbow Six Siege (R6S) servers after pushing back against attackers. It sent cease-and-desist letters to DDoS service providers (DDoS booters, or DDoS stressors) and filed complaints against offending players to protect its player ecosystem. The attacks began after the reset of R6S player rankings. Some players planned DDoS attacks and tried to create lag and force opponents to disconnect so that they would earn points to advance through the R6S overall ranking.
Ubisoft filed legal complaints against prominent DDoS/DoS attackers, abusers, and cheat makers. Furthermore, it improved server configuration and made infrastructure updates. These measures reduce the availability of DDoS service providers and prevent players from cheating their way through the ranks.