Close
Are you sure? Are you sure you want to report this comment? I understand, report it. Cancel

Ubisoft security compromised

Ubisoft security compromised

Tue 02 Jul 2013 5:18pm GMT / 1:18pm EDT / 10:18am PDT
OnlineSecurity

Publisher advises customers to change passwords after personal info, encrypted passwords accessed

Online security continues to be an issue for the gaming industry, as Ubisoft today told customers it discovered unauthorized access to "some of our online systems" through one of the publisher's websites using stolen credentials. Ubisoft said it discovered the breach "recently," but did not say when it had actually happened.

"We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems," the company said.

Customers' personal information was taken, including their names, e-mail addresses, and encrypted passwords. The publisher said no credit or debit card information was taken, and is recommending users change their passwords for Ubisoft's Uplay site, as well as those for any other service or site where they used similar passwords.

Ubisoft apologized for the breach, and said it was unrelated to other security problems other publishers have encountered recently.

6 Comments

Steven Hodgson
Programmer

77 111 1.4
is it too much to ask for when ubisoft or any other company has been hacked and make statements, to know that the passwords are salted or not

Posted:9 months ago

#1

Greg Wilcox
Creator, Destroy All Fanboys!

1,993 902 0.5
Annnnnnd, here we go again. Look, some things are NOT worth the convenience and who needs the stress of finding out YET again that one more game company has lost personal info from its customers. Not acceptable at all and when it happens to Microsoft and Sony (again) when those new consoles launch, I don't think it'll be easily forgotten with a simple apology...

Posted:9 months ago

#2

Bruce Everiss
Marketing Consultant

1,716 598 0.3
You know those chavs who loiter in town centres in their cheap tracksuits, intimidating people and committing acts of indiscriminate vandalism? They are stupid, uneducated sociopaths.

The online equivalent are called script kiddies. They use easily available tools and known weaknesses to commit acts of indiscriminate vanadalism. And they think that they are clever. Sooner or later they will attack your website, with no good reason. Then boast about it on Pastebin with some warped, emotionally immature, justification. They do far, far more damage than their town centre cousins.

Our society has got pretty good at containing the town centre chavs. But we are doing close to zero about the script kiddies. Each night they get on their PCs and set out to destroy anything on the internet that takes their fancy. In minutes they can delete a blog they don't like that contains many thousand of hours of work. Or they can do huge commercial damage to your business, often costing people their jobs.

The police aren't interested. They are happy with the low hanging fruit of harassing motorists and pot smokers. So you have to protect yourself. You need to know the reality of the vulnerabilities of your online presence. And you need to get all the protection you can. Otherwise the script kiddies WILL get you.

Posted:9 months ago

#3

Morville O'Driscoll
Games Blogger & Journalist

1,374 1,021 0.7
You need to know the reality of the vulnerabilities of your online presence
I changed my UPlay/Ubisoft password last night. Know what one vulnerability of theirs is? Password length between 8 and 16 characters. By comparison, my Steam password is 24 characters. Know another of Ubisoft's? Users can have the same password as before the security breach.

Damn lazy of them on both counts.

Posted:9 months ago

#4

Sam Brown
Programmer

237 163 0.7
@Morville: The Steam maximum is actually 32, at least, that's how long mine is. Origin on the other hand is also 16, and PayPal's is only 20, worryingly.

Edit: Of course, length doesn't matter a damn if the stolen list wasn't salted.

Edited 2 times. Last edit by Sam Brown on 3rd July 2013 4:34pm

Posted:9 months ago

#5

James Prendergast
Research Chemist

730 410 0.6
If they're going to force us to use their services if we want to play their games then they have to do better than this. This isn't 1999 and it there wasn't a tonne of big name hacks in the last few years.

Posted:9 months ago

#6

Login or register to post

Take part in the GamesIndustry community

Register now