Ubisoft Reveals Online Security Breach


Ubisoft is recommending that all account holders change their passwords in the wake of recent unauthorized access to its user database.

In a security update posted on the Ubisoft support site, the publisher revealed that unauthorized access to some of its online systems was recently gained through an exploit of one of its websites. That access point was quickly closed but during a follow-up investigation, Ubisoft learned that "data were illegally accessed from our account database, including user names, email addresses and encrypted passwords."

The good news is that Ubisoft doesn't store any payment information on its sites so no credit card numbers were lost, but user accounts are still potentially at risk. Ubisoft didn't specify how many users were affected by the breach but given that it is urging all users to change their passwords, it's a reasonable bet that the number roughly falls somewhere between "we don't know" and "everyone." The company also recommended password changes on sites where the same or similar passwords are being used.

A forum thread has been created to answer any questions you may have regarding the breach, and of course Ubisoft sincerely apologizes for any inconvenience and thanks you for your understanding.

Source: Ubisoft

Clearly this is just part of an elaborate marketing campaign for Watch Dogs...

But yeah, changed the password ASAP.

Password... Nope. F**king password... Access Granted.

This article doesn't mention that they also sent out emails to Ubisoft users as well informing them of the breach (myself included).

Thank you Ubisoft for being this up front about it. I blame you for nothing.

Erm... Again? Didn't they get hacked just a month or two ago when Blood Dragon was leaked?

*Sigh* And in case anyone still wonders why so many people aren't entirely enthusiastic about the potential for an all-digital marketplace...

I bet it was those interweb pirates, probably used a trojan hearse to intercept the jigabytes! The only solution, more DRM. And fast!

Even though they get a lot of crap for being a bit shit it seems like they are at least sensible enough to act quickly when things like this happen. Although really they should be making sure it doesn't happen in the first place.

Wait, Ubisoft just now found out about the NSA whistle blowing? Eh, better late than never.

In seriousness, I don't even know if I have a Ubisoft account anymore, there's so many accounts that practically every game requires a new one. MMOs, Steam, Origin, XBL, Ubisoft, etc. I forget my accounts all the time. I hope all that are affected can quickly get their passwords and account sorted out.

What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

Does this involve uPlay, because I can't change the password for it when the bloody site is under maintenance right now!

Shit. I have no idea what my password is, I only played their damned games on the 360, that will know... If I was talking to it.

Create an online authorization system to prevent unauthorized users from accessing games.

Stolen passwords allow unauthorized users to access games.

I find this hilariously appropriate. You know, all of this could have been prevented if they dropped the shoddy DRM in the first place and stopped treating potential customers like criminals.

kailus13:
What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

depends how much people have reused the same password. if it's a one off use then almost nothing is gained, but if they use the same for all sites they might be able, with e-mail and reused password, to log into other games. most mmos have some form of black market for ingame items. or if the people are really not up to speed on internet security it could give them access to other stuff like banking or whatever.

then they could probably sell the list of email addresses to spam bots

What's the worst that could happen if I don't?

kailus13:
What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

It's always for the lulz.

Just an FYI to anyone who can't remember their password (hell, I didn't even know I had one): just go to the ubisoft.com site, press a button up top that says click here to change your password. Just enter your email address, go to your email, press that link and enter a new password. No old password required.

(I didn't press the link in the email Ubisoft sent me to inform me of the hack because, well, they just got hacked)

Anyway, just one more example of why always online and DRM in general is the worst idea ever.

kailus13:
What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

Confirmed email addresses, lots of them. The bread and butter of spammers, phishermen and crooks everywhere. And maybe they hoped for phone numbers, physical addresses and credit card numbers as well.

They don't need to thank me for my understanding, because I have none left after a dozen of similar occurrences. And I'd better start bracing for the inevitable wave of new spam. At least they didn't get my phone number and postal address this time. Getting phone calls and letters from scammers is getting annoying.

It's a good thing I only have Farcry 3 and Farcry3 Blood Dragon on my uPlay account..

rodneyy:

kailus13:
What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

depends how much people have reused the same password. if it's a one off use then almost nothing is gained, but if they use the same for all sites they might be able, with e-mail and reused password, to log into other games. most mmos have some form of black market for ingame items. or if the people are really not up to speed on internet security it could give them access to other stuff like banking or whatever.

then they could probably sell the list of email addresses to spam bots

Very true!

In fact I'll post this interview I stumbled across 2 yrs ago. The young guy being interviewed is one Jared Psigoda who is a self-described "King of Chinese gold farming". The whole interview is interesting to watch just to get an understanding on how these gold farming companies work.

The related part to this thread is at 32:20 (I wish I knew how to post a youtube video at the correct time slot) where he explained exactly how game accounts get hacked.

Hint: It's from all the forum sites.

Good to know that my accounts from other services could be compromised thanks to one of the most arrogant and terrible companies in the industry.

I sincerely regret purchasing FarCry 3. It wasn't even that good. Now, even more so.

It's nice to know the uplay account I was unexpectedly forced to create after I bought Assassin's Creed 2 on Amazon.com has been hacked.

Thank you Ubisoft, I'll be buying lots of things from you in the future.

I think it's good that I signed up to Uplay with my spam-ready email. I'm going to be on a lot of mailing lists again.

And as usual, encrypted passwords mean it's unlikely anything will be compromised. I don't have any of my MMO accounts on this password or email anyway; the only things of any value that MIGHT share a password (but not an email address) are easy to prove as mine and keep control of. Yay for being reasonably security conscious.

That said, it's about time I did a big password change across the board. That is not fun.

Dammit Ubi! I not only have to go through my active games, but will also have to do so for a friend of mine who is less security paranoid conscientious.

I had finally gotten comfortable with Uplay despite the web browser vulnerability affair from before.

Guess what, Ubi, I'm dropping my price point 25% for games that require Uplay. You cost me time. Now you won't cost me so much money. Drop Uplay. Drop DRM and I'll forgive you.

238U

TheEvilCheese:
I think it's good that I signed up to Uplay with my spam-ready email. I'm going to be on a lot of mailing lists again.

When Uplay demanded my email address, I raged and hunted down temporary email services (like Slopsbox but they've since dissolved.)

Guerrillamail is still active, and you can choose your own service here.

So yeah, if only email addies are all that was compromised I'll be okay. And, Nobody sells me a game and then tells me I have to give up privacy in order to play it.

That said, it's about time I did a big password change across the board. That is not fun.

Actually, thanks to the whole NSA surveillance fiasco, I've been learning to shift my habits with the intent of shifting towards end-to-end encryption. The Pirate Party guys point out that the first step is to start taking passwords seriously. We've become lazy with websites that will happily email or reset your password if you forget it. Encrypt your archives and forget the password, and they're gone!

I've also been considering developing passwords that are not shoulder-surfable. Taking a page from XKCD using randomly alternating 1s and ls (and Os and Qs and 0s and...) But again, that may be going to a paranoid extreme.

01QQlOO000lQ0O1Q!

238U

Callate:
*Sigh* And in case anyone still wonders why so many people aren't entirely enthusiastic about the potential for an all-digital marketplace...

Exactly. One account for this stuff is fine, but I was forced to sign up for Uplay to play Blood Dragon which I got off Steam. Now I have to worry about this too? Just wait until every publisher does this bullshit on PCs so you'll have sensitive data on 20 different accounts.

Edit: Fuck Ubisoft. I can't even change my password because it keeps giving an error message that says "enable cookies" which are enabled. After trying on 3 different browsers, I looked up the error and found it on Ubisoft's Facebook page. Apparently it's code for "site is down for maintenance". Fuck. Ubisoft.

Well well. Looks like those with the common sense to tell Ubisoft to Fuck off when they said always on and have stuck to it are coming out of this shit storm smelling like a rose.

Moral to the story... don't put info online and it can never be stolen by online hackers.

I don't remember if I even had a Ubisoft account. The main email I've used for years now is apparently not in their databases, so if I do have it, it would be with a different one. But I can't remember even half of the email accounts I've had over the years.

This might be a problem...

kailus13:
What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

A lot of people use the same passwords etc between sites, so while the Ubisoft site may not be of value, with those details they can go to another site and login to get more info or steal money etc. Also useful for identity theft.

I got an E-mail about it...I didn't even know I had an account with them...

ellieallegro:
Password... Nope. F**king password... Access Granted.

HAHAHAHAHAHA! I see what you did there.

VladG:
Erm... Again? Didn't they get hacked just a month or two ago when Blood Dragon was leaked?

probably every major release. a few hackers know a way to get into Ubisoft servers and they can easily cut down their DRMs this way, and since Ubisoft fail to update their security for what 4 years now they keep on coming in when they want.

Fuck you very much, Ubisoft. You force me to create a damn UPlay account just to get into AC2, and then you screw up in keeping my info safe. It's not your fault I now need to update my passwords on at least 10 different websites, but the point is I shouldn't have to. So fuck you all the same.

Getting real tired of all this shit. Companies should be fined or forced to compensate customers whose privacy is infringed when data is stolen. No excuses. If you want us to make accounts for everything, that should come with a responsibility to keep data safe.

sleeky01:

rodneyy:

kailus13:
What exactly would hackers have to gain from this? They don't seem to be able to get any money from it. Is it just "for the lulz"?

depends how much people have reused the same password. if it's a one off use then almost nothing is gained, but if they use the same for all sites they might be able, with e-mail and reused password, to log into other games. most mmos have some form of black market for ingame items. or if the people are really not up to speed on internet security it could give them access to other stuff like banking or whatever.

then they could probably sell the list of email addresses to spam bots

Very true!

In fact I'll post this interview I stumbled across 2 yrs ago. The young guy being interviewed is one Jared Psigoda who is a self-described "King of Chinese gold farming". The whole interview is interesting to watch just to get an understanding on how these gold farming companies work.

The related part to this thread is at 32:20 (I wish I knew how to post a youtube video at the correct time slot) where he explained exactly how game accounts get hacked.

Hint: It's from all the forum sites.

Quote me when you get this and look at what I did. It requires some basic math and coding skills, but nothing that a pen/pencil and a post-it can't easily remedy.

Question: I have all of my Ubi games through Steam is this a concern for me since all the financial bits are on steam and not uplay?
