Ubisoft Hacked, Account Data Compromised

Freshly Exhumed writes "There's a new security breach announcement over at the website of game publisher and developer Ubisoft today. Quoting:: 'We recently found that one of our Web sites was exploited to gain unauthorized access to some of our online systems. We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems. During this process, we learned that data were illegally accessed from our account database, including user names, email addresses and encrypted passwords. No personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion. As a result, we are recommending you to change your password by clicking this link.'"

should of killed the DRM system

[Joe_Dragon]

at the same time they got in

Re:should of killed the DRM system

Right, because that's how hacking works. After the bright red meter labeled "Accessing Secret Files From Gibson" filled up, they could have just pressed the glowing green button that said "Kill The DRM System". How silly of them to have missed that.

Re:should of killed the DRM system

We never had this problem when I was playing Road Rash and Screamer and Doom and Quake and Duke Nukem, because the game publishers never had any personal info of ours to lose in a security breach. You paid your cash for the game, put the CD in, installed, and played.

In the late eighties we got rid of DRM by refusing to buy software with it. Lots of companies went out of business because of DRM. All they had to do was wait for a more gullible and docile generation to come along and bring it back.

DRM is the biggest reason I stopped gaming (that, and none of the new games were as good as the old ones, even if the artwork was better). I wonder how many other customers DRM has cost these morons? Keep shooting, ubisoft, you have more feet and bullets left.

Re:should of killed the DRM system

[ArcadeMan]

To see my reply, please enter the 3rd word of the 7th paragraph on page 12 of your game book.

Re:should of killed the DRM system

[g0bshiTe]

I for one enjoy my non-purchased DRM bypassed games!

Great job there, UbiSoft

I never wanted to sign up for your crappy service in the first place, but was forced to just so I could play a game I already legally purchased.

Fuck you, UbiSoft!

Seems legit.

[ernest.cunningham]

You account details have been hacked.....click this link to reset your password.
Seems legit!

Re:The point?

[Sir_Sri]

Plenty of time, as less than an hour after the hack occurred, for ~60% of users.

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

What Ubisoft Does Best

[Somebody+Is+Using+My]

Attempting to log-onto their website, I get the following warning:

For security reasons we recommend that you change your password

and a link to change the password.

Interestingly, there is no option to log-on /without/ changing the password. "Recommend" apparently means "you have no choice" in UbiSpeak.

Unfortunately, since the email address I used to register the account is no longer active, and there is no option to update the email address (since I can't log-on at all) I guess I'm screwed (silly me for not keeping my info up to date on a service I had little interest in joining except that it was forced on me to play a game I had legally purchased).

So, I guess it's par for the course for you guys at Ubisoft; you've screwed me over again. Great job, guys; first you force me to sign up to UPlay in the first place, then you screw up by leaking the log-in info all over the net and now you prevent me from changing my password. Maybe you can block access to the games I paid for as well just to round out the whole experience.

The actual e-mail for reference

[jones_supa]

Security update regarding your Ubisoft account
- please create a new password

Dear Member,

We recently found that one of our Web sites was exploited to gain unauthorised access to some of our online systems. We instantly took steps to close off this access, investigate the incident and begin restoring the integrity of any compromised systems.

During this process, we learned that data had been illegally accessed from our account database, including user names, email addresses and encrypted passwords. Please note that no personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion.

As a result, we are recommending that you change the password for your account: <account name>

To enter your new password, click the link below: https://secure.ubi.com/register/ResetPassword.aspx?...

Out of an abundance of caution, we also recommend that you change your password on any other Web site or service where you use the same or a similar password.

You can find more information here https://support.ubi.com/en-GB/FAQ.aspx?platformid=60&brandid=2030&productid=3888&faqid=kA030000000eYYxCAM.

For any additional support enquiries, please contact our customer service via our support web site at https://support.ubi.com/

We sincerely apologise to all of you for the inconvenience. Please rest assured that your security remains our priority.

The Ubisoft team

Cookie requirement? C'mon guys.

[Xzzy]

I like how their website tosses up an error saying I "need to enable cookies" even though I do in fact have cookies turned on. Only thing I am blocking is their attempts to track me by including google analytics.. I can use their password change just fine if I use an incognito window (which temporarily disables my plugins).

I suppose the original fault lies with me for creating an account with these goofballs.