Ubisoft security compromised

Publisher advises customers to change passwords after personal info, encrypted passwords accessed

Online security continues to be an issue for the gaming industry, as Ubisoft today told customers it discovered unauthorized access to "some of our online systems" through one of the publisher's websites using stolen credentials. Ubisoft said it discovered the breach "recently," but did not say when it had actually happened.

"We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems," the company said.

Customers' personal information was taken, including their names, e-mail addresses, and encrypted passwords. The publisher said no credit or debit card information was taken, and is recommending users change their passwords for Ubisoft's Uplay site, as well as those for any other service or site where they used similar passwords.

Ubisoft apologized for the breach, and said it was unrelated to other security problems other publishers have encountered recently.

Related stories

Ubisoft's "Minority Report of programming"

La Forge claims its Commit Assistant AI for detecting bugs as they're introduced can cut programming time by 20 per cent

By Brendan Sinclair

“History is our playground”: Bringing Assassin's Creed into the classroom

We speak to Maxime Durand, franchise historian behind the publisher's flagship series, about its new violence-free Discovery Mode

By James Batchelor

Latest comments (6)

Steven Hodgson Programmer, Code in Progress Ltd4 years ago
is it too much to ask for when ubisoft or any other company has been hacked and make statements, to know that the passwords are salted or not
1Sign inorRegisterto rate and reply
Greg Wilcox Creator, Destroy All Fanboys! 4 years ago
Annnnnnd, here we go again. Look, some things are NOT worth the convenience and who needs the stress of finding out YET again that one more game company has lost personal info from its customers. Not acceptable at all and when it happens to Microsoft and Sony (again) when those new consoles launch, I don't think it'll be easily forgotten with a simple apology...
0Sign inorRegisterto rate and reply
Bruce Everiss Marketing Consultant 4 years ago
You know those chavs who loiter in town centres in their cheap tracksuits, intimidating people and committing acts of indiscriminate vandalism? They are stupid, uneducated sociopaths.

The online equivalent are called script kiddies. They use easily available tools and known weaknesses to commit acts of indiscriminate vanadalism. And they think that they are clever. Sooner or later they will attack your website, with no good reason. Then boast about it on Pastebin with some warped, emotionally immature, justification. They do far, far more damage than their town centre cousins.

Our society has got pretty good at containing the town centre chavs. But we are doing close to zero about the script kiddies. Each night they get on their PCs and set out to destroy anything on the internet that takes their fancy. In minutes they can delete a blog they don't like that contains many thousand of hours of work. Or they can do huge commercial damage to your business, often costing people their jobs.

The police aren't interested. They are happy with the low hanging fruit of harassing motorists and pot smokers. So you have to protect yourself. You need to know the reality of the vulnerabilities of your online presence. And you need to get all the protection you can. Otherwise the script kiddies WILL get you.
0Sign inorRegisterto rate and reply
Show all comments (6)
Morville O'Driscoll Blogger & Critic 4 years ago
You need to know the reality of the vulnerabilities of your online presence
I changed my UPlay/Ubisoft password last night. Know what one vulnerability of theirs is? Password length between 8 and 16 characters. By comparison, my Steam password is 24 characters. Know another of Ubisoft's? Users can have the same password as before the security breach.

Damn lazy of them on both counts.
0Sign inorRegisterto rate and reply
Sam Brown Programmer, Cool Games Ltd.4 years ago
@Morville: The Steam maximum is actually 32, at least, that's how long mine is. Origin on the other hand is also 16, and PayPal's is only 20, worryingly.

Edit: Of course, length doesn't matter a damn if the stolen list wasn't salted.

Edited 2 times. Last edit by Sam Brown on 3rd July 2013 4:34pm

0Sign inorRegisterto rate and reply
James Prendergast Research Chemist 4 years ago
If they're going to force us to use their services if we want to play their games then they have to do better than this. This isn't 1999 and it there wasn't a tonne of big name hacks in the last few years.
0Sign inorRegisterto rate and reply

Sign in to contribute

Need an account? Register now.