Ubisoft changes employee passwords after “cyber security incident”

Graham Cluley
@gcluley

Ubisoft changes staff passwords after "cyber security incident"

Video game company Ubisoft, maker of hit titles like Assassin’s Creed and Just Dance, says that it has “experienced a cyber security incident.”

In a brief statement published on its website, Ubisoft said that out of caution it had “initiated a company-wide password reset” but that games and services were acting normally and there was “no evidence” any players’ personal information had been exposed.

Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services. Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset. Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident.

If the claim that no players’ data was breached as a result of the “security incident” then I guess that’s some relief, at least.

EmailSign up to our newsletter
Security news, advice, and tips.

As The Verge reports, the LAPSUS$ hacking group – which has recently claimed responsibility for attacks that stole internal data from NVIDIA and Samsung – implied on a Telegram group that it might be taking credit for the Ubisoft incident as well.

And by the way, who on earth says “experienced a cyber security incident”?

Come on Ubisoft, tell us what happened! Did someone manage to log into your network using stolen staff passwords? Did someone leave a sensitive database lying around exposed on the public internet? Did a member of staff get duped into running malware on their computer?

Some details would be nice…

And maybe sharing some more information of what you’re doing to strengthen security would be helpful too.

For instance, changing passwords is all very good (and let’s hope you’re advising members of staff to not use easy-to-crack passwords, or passwords that they have previously used elsewhere on the internet), but wouldn’t it be great to hear that you’re ensuring all workers are hardening their staff accounts with multi-factor authentication as well?

Ubisoft is no stranger to hacking attacks. Here is just a handful of the incidents which have plagued the games publisher over the years:

In 2009 Russian-speaking hackers were said to have defaced the official website of Ubisoft’s game Splinter Cell.

Ubisoft tweet

In 2013, hackers managed to access databases that included players’ usernames, email addresses, and encrypted passwords, causing Ubisoft to advise users to change their login credentials.

More recently, the Egregor ransomware gang published what they claimed was the source code of the video game Watch Dogs: Legion, after breaching servers at Ubisoft.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

What do you think? Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.