Ubisoft today admitted one of its websites was recently hacked, resulting in the compromise of usernames, email addresses, and encrypted passwords. Unfortunately, the company did not share which website had its security systems breached nor what kind of encryption the company was using for the data in question.
There is some good news, however, as Ubisoft claims that no personal payment information was taken as no financial data such as debit or credit information is stored on its servers. An investigation is already underway “with relevant authorities, internal and external security experts.”
To err on the side of caution, Ubisoft is asking all users to reset their password here. Furthermore, the company recommends that you change your password on any other website or service where you use the same or a similar password.
Although Ubisoft doesn’t mention which one of its sites was compromised, there is a clear link to the digital distribution service Uplay. The first hint is that the reset password link mentioned above includes the Uplay URL, and the second is that Uplay is the main solution the company uses to store customer data.
The <3 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
That being said, Ubisoft specifically says on its support page that Uplay’s servers weren’t compromised. “No, the attack did not originate via any Uplay services, the intrusion targeted some of our online systems.”
For reference, the full announcement is as follows:
Hello All,
We recently found that one of our Web sites was exploited to gain unauthorized access to some of our online systems. We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems.
During this process, we learned that data were illegally accessed from our account database, including user names, email addresses and encrypted passwords. No personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion.
As a result, we are recommending you to change your password by clicking this link.
Out of an abundance of caution, we also recommend that you change your password on any other Web site or service where you use the same or a similar password.
An official forum thread has been created for you to post your questions.
We sincerely apologize for any inconvenience and thank you for your understanding.
Top Image Credit: Dimitris Kritsotakis
Get the TNW newsletter
Get the most important tech news in your inbox each week.