July 3, 2013
Hack On Game Company Ubisoft Leaks Account Information
Michael Harper for redOrbit.com - Your Universe Online
Gaming company Ubisoft has been hacked, resulting in the release of email addresses, user names and encrypted passwords. The company released a statement on Tuesday admitting the hack, noting that while some information had been accessed, users' credit and debit card information was not released. As an added security measure, the company is asking all users to change their passwords.
In an interesting twist, one of Ubisoft's newest games, called "Watch Dogs," centers around hacking and cyber warfare. The company worked with security experts Kaspersky Labs for research about hacking and cyber-attacks for the upcoming title.
"We recently discovered that one of our Web sites was exploited to gain unauthorized access to some of our online systems. We instantly took steps to close this off and to begin a thorough investigation with the relevant authorities, internal and external security experts, and to start restoring the integrity of any systems that may have been compromised," reads Ubisoft's security update.
"During this process, we learned that data had been illegally accessed from our account database, including user names, email addresses and encrypted passwords. It's important to note that no personal payment information is stored with Ubisoft, so fortunately all credit/debit card information was safe from this intrusion."
The French gaming company claims its website was exploited after "credentials" were stolen and used to access the site illegally, though they said they can't legally divulge any further details.
The company also says their encrypted passwords are not stored in clear-text form, meaning hackers would have to try to crack the encryption to access these credentials.
They also note that while this protects most passwords, those passwords which are weak are more vulnerable to attacks. This is one reason why the company is asking users to change their passwords not just for the Ubisoft site, but for all other sites as well, especially if they use the same password for multiple accounts.
Though Ubisoft addressed this problem head-on with a public statement and emails to all users with game accounts, some may have been reminded of an earlier security risk in Ubisoft PC games.
Last July, a backdoor was discovered in a browser plugin Ubisoft installs when users download PC games. Some users had discovered the faulty plugin allowed any malicious websites to open up the Ubisoft software (called Uplay) and inject malicious code directly into the computer. The gaming company released a patch for the faulty browser plugin and issued a public statement concerning this flaw.
According to Ubisoft's official announcement, the reaction to this attack is fairly mixed. Some users thanked the company for being forthcoming about the hack and suggesting all users change their passwords. On the other hand, some users are quite upset about the possible leak of their information.
"Thanks a lot for loosing [sic] my mail address. How would you like it to get spam messages every day after a break in at ubisoft?!?!" wrote one user operating under the name "Pascal."