Ubisoft recently discovered that one of their websites had been hacked and the attacker(s) were able to gain unauthorized access to some of their online systems. The company didn’t reveal exactly how many accounts were compromised but did suggest that everyone with a Ubisoft account change their passwords.
Ubisoft noted in a blog post that they immediately started an investigation with the relevant authorities as well as internal and external security experts. Ubisoft said they have also started restoring the integrity of systems that may have been compromised.
Specifically, Ubisoft said the breach resulted in the unauthorized access of sensitive data including user names, e-mail addresses and encrypted passwords. Even though passwords weren’t stored in plain text, they could be cracked, especially if the chosen password is weak. They did point out, however, that no personal payment information is stored with Ubisoft so all credit / debit cards information was safe from the attack.
Even if information like phone numbers and physical addresses weren’t compromised, dealing with a breach of this nature can be a major headache for users. If a thief is able to crack a password, they could test the user name and password as logins for other sites or in a best-case scenario, you’ll likely end up with a bit more spam in the inbox associated with the e-mail address that was stolen.
Ubisoft said the uptime and stability of their games’ online services were not affected by the intrusion.