Ubisoft said on Tuesday that one of its Web sites was exploited to gain unauthorized access to some of its online systems. The company said it immediately took steps to block the intruders and began restoring the integrity of any systems that may have been compromised. Ubisoft is also currently working with the authorities as well as internal and external security teams.
"During this process, we learned that data had been illegally accessed from our account database, including user names, email addresses and encrypted passwords," the company said. "It’s important to note that no personal payment information is stored with Ubisoft, so fortunately all credit/debit card information was safe from this intrusion."
Naturally Ubisoft recommends that everyone with a Ubisoft account change their password. Even more, change the password on any other Web site or service where the same or a similar password is used to help ensure the safety of personal information.
"Credentials were stolen and used to illegally access our online network. We can’t go into specifics for security reasons," the company said. "To our knowledge, no other personal information (phone numbers, physical addresses etc. was accessed)."
Ubisoft went on to report that security teams are exploring all available means to expand and strengthen its security measures in order to better protect customers, but no company or organization is completely immune to "these kinds of criminal attacks". Ubisoft also said the uptime and stability of its games’ online services were not affected by this intrusion, and that the attack did not originate via any Uplay services.
Given that credit card information was not accessible, Ubisoft customers should likely be worried about hackers retrieving their information and hacking into other gaming services that do contain credit card information. Currently there's no evidence that this intrusion is related to any other game company’s previous security incidents.
"We… are continuing to investigate the incident," Ubisoft said.