Ubisoft Hacked

McSasquatch

Just a heads up - official forums.

Hello All,

We recently found that one of our Web sites was exploited to gain unauthorised access to some of our online systems. We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems.

During this process, we learned that data were illegally accessed from our account database, including user names, email addresses and encrypted passwords. No personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion.

As a result, we are recommending you to change your password by clicking this link.

https://secure.ubi.com/register/Forg.../www.uplay.com

Out of an abundance of caution, we also recommend that you change your password on any other Web site or service where you use the same or a similar password.

Additional information can be found here and an official forum thread -- http://forums.ubi.com/forumdisplay.p...a-new-password -- has been created for you to post your questions.

We sincerely apologise for any inconvenience and thank you for your understanding
The Ubisoft team

Falthyron

Yeah, I just received an email asking me to change my password. It also recommends changing the password of other sites/services that use the same email/password.

Headshot

FFS im so pissed off by companies not protecting my ****ing details

COYVB

Headshot wrote: »

FFS im so pissed off by companies not protecting my ****ing details

It's not as if they sit them in an open folder on a public facing FTP in fairness. Everything can be hacked, sadly

Headshot

Its nearly a year today that the last hack happened, you would think they would of learned
Whats the betting they did **** all after the first hack..

Azza

Got the e-mail, changed my password fast and simple, although I'd appreciate it if they could do a better job with the security of U-Play, think this is the second security breach they have had.

Potential-Monke

I'm running out of passwords and starting to forget others...

COYVB

Headshot wrote: »

Whats the betting they did **** all after the first hack..

I doubt that tbh

Clover

Got the email also , nice and straight forward to change the password.

Daemos

Headshot wrote: »

FFS im so pissed off by companies not protecting my ****ing details

I find it strange how people blame the companies who get hacked more than the people who do the hacking?

McSasquatch

Potential-Monke wrote: »

I'm running out of passwords and starting to forget others...

Had this problem too, so have started using a password manager... Getting old I tells ya.

Headshot

Daemos wrote: »

I find it strange how people blame the companies who get hacked more than the people who do the hacking?

Of course they are pricks but you cant stop pricks, who do I blame,/give out about?

You even see some companies that make it piss easy for hackers (videogame plus) it isnt on in my books for a company to be hacked twice now

COYVB

Headshot wrote: »

Of course they are pricks but you cant stop pricks, who do I blame,/give out about?

Good idea. Let's not blame the people doing it, let's blame the people they're doing it to

You have the same view of rapists or what?

Headshot

COYVB wrote: »

Good idea. Let's not blame the people doing it, let's blame the people they're doing it to

You have the same view of rapists or what?

man your annoying


I blame the companies that have pathetic security If the company had proper security we wouldnt have all these hacks, granted we'll always get hacks but not to this level

Hackers are pieces of garbage and should be treated as such but its easy to give out about hackers but when companies dont protect your details, they get most of the blame imo.

wayne040576

Headshot wrote: »

man your annoying


I blame the companies that have pathetic security If the company had proper security we wouldnt have all these hacks, granted we'll always get hacks but not to this level

Hackers are pieces of garbage and should be treated as such but its easy to give out about hackers but when companies dont protect your details, they get most of the blame imo.

How do you know they have pathetic security? And how do you know having 'proper' security would prevent it? What's proper security anyway?

Headshot

2 hacks within a year doesnt paint a good picture

wayne040576

Headshot wrote: »

2 hacks within a year doesnt paint a good picture

Blizzard have been hacked a few times recently too despite having more security procedures in place than most.
Microsoft have had a history of social engineering hacks in the last year as well on xbox live as have several companies. It happens all the time. If you know what you're doing and keep prodding, no security will keep you out.

Headshot

http://www.computerandvideogames.com/360662/uplay-security-flaw-a-huge-risk-says-hack-expert/

Ubisoft must patch its uPlay online service "as a matter of urgency", an online security expert has told CVG.

Early reports indicate that Ubisoft's online PC network has been hacked into with new exposed data suggesting that the service includes an alleged "rootkit"; a term given for software that gains privileged access onto sensitive computer files.

Ubisoft has declined to comment at this early stage.

Rik Ferguson, the director of security research at Trend Micro, challenged the assumption that the service features a rootkit.

However, he added that the security flaw represents a huge risk and must be resolved immediately.

"This certainly looks like an easily exploitable software flaw, but I'm not sure I would go as far as calling it a rootkit," Ferguson told CVG.

"The reports state the exploitable code is in the form of a browser plugin, the plugin does not attempt to hide its presence on your system and can be relatively simply disabled. It's not a malicious root, just really bad code," he added.

Ferguson's account reflects another IT expert's view, who told CVG that the exploit was likely an unintentional security vulnerability, as opposed to an intentional backdoor left in the system.

uPlay is a mandatory service that registers PC games published by Ubisoft.

Ferguson urged Ubisoft to fix the loophole as soon as possible now that the exploit is public information.

"Pushing out such easily exploitable code, to such an easily targeted platform as a web browser through such a huge gaming population presents a huge risk and will of course be of interest to online criminals.

"Ubisoft should be patching this code as a matter of urgency and in the meantime, gamers should be disabling the plug-in".

COYVB

Headshot wrote: »

I blame the companies that have pathetic security If the company had proper security we wouldnt have all these hacks, granted we'll always get hacks but not to this level

But that's not true at all. Everything can be hacked. Ubisoft obviously DO have proper security, to think otherwise is absolute nonsense

Falthyron

If you don't want your details being stolen then don't give them to free services. Nothing, NOTHING is 100% secure.

Alternatively, don't go on the internet at all.

Headshot

"Ubisoft installs a backdoor that allows any website to take over your computer. The Sony BMG rootkit was also DRM and required product recall when it was discovered."

Another wrote: "I noticed the uPlay installation procedure creates a browser plugin for its accompanying uPlay launcher, which grants unexpectedly (at least to me) wide access to websites".

Man thats bad

wayne040576

That's last years attack. I'm assuming they've fixed it by now :eek:
But let me ask you this. With all of the hacks that have happened over the past couple of years have you updated your own personal security practices or are you still doing the same thing you always did? Do you use a different , strong password for every site and service that you use or are you using the same password on several sites?

By the way a strong password is something like "58EL$mPx%Wsl" a completely random sequence of characters.

Headshot

Oh ya my passwords are rock solid, hell I couldnt even remember them. Im probably unfair on company websites being hacked tbh. Just the videogameplus hack which even I could of done lol (that simple) leaves a bad taste in my mouth.

Dravokivich

Headshot wrote: »

Its nearly a year today that the last hack happened, you would think they would of learned
Whats the betting they did **** all after the first hack..

The last uplay hacking was of their store primarily software fileshares. User account details weren't comprimised at the time.

Got the email too. Only problem is I can't remember when I signed up to Ubisoft. Not sure what password I used, so don't know what other websites (if any) I used it on.

Most of my account on gmail, paypal etc all has very long passwords, randomly generated and 2 factor auth where available. I'm a bit paranoid when it comes to online security.

nesf

Yeah I'm just getting an error when I try to change password now. Eh, I'll try again later.

nesf

nesf wrote: »

Yeah I'm just getting an error when I try to change password now. Eh, I'll try again later.

I was getting a cookie error with Firefox. Just opened it up in Chrome, that worked for me.

nesf

Deleted User wrote: »

I was getting a cookie error with Firefox. Just opened it up in Chrome, that worked for me.

I'm using Chrome. :P

K.O.Kiki

I use a 26-character password composed of 4 words and extra numbers/letters.

nesf

K.O.Kiki wrote: »

I use a 26-character password composed of 4 words and extra numbers/letters.

Ubisoft only leave you use 16. Though honestly, 16 random digits is, right now, unreasonable to crack even using a supercomputer.

Nolars

The only reason I am on ****y uplay is cause I got 2 free games with my gpu.