Hackers attack games publisher Ubisoft, steal players’ personal information

Hackers attack games publisher Ubisoft, steal players' personal information

Ubisoft, one of the world’s most famous games publishers, has admitted that hackers managed to break into its servers, and stole account databases which included game players’ usernames, email addresses and encrypted passwords.

ubisoft-hack

There are obvious risks that the email addresses could be spammed by malicious attackers. It’s easy to imagine, for instance, cybercriminals attempting to trick targeted game players into downloading malware disguised as a new game.

Sign up to our free newsletter.
Security news, advice, and tips.

The good news, the company says, is that no personal payment information has been accessed – meaning credit card information has not been compromised.

Ubisoft logoUsers are being advised to change their passwords, and (sensibly) Ubisoft recommends that you also change the password on any *other* site where you might have been using the same password.

As we have said many times before, it’s never a good idea to use the same password in more than one place – after all, if a hacker manages to steal your password in one place you don’t want them to be able to use it to access your other online accounts.

In an attempt to smooth the process, Ubisoft has created a webpage where users can change their passwords.

Some users, however, are reporting that their attempts to visit the page are met with an unhelpful error message (perhaps because the page is overloaded with traffic?):

Page under maintenance

At the moment, unfortunately, Ubisoft is being a little vague in its FAQ as to how securely it was holding users’ passwords:

What is an encrypted password?
Passwords are not stored in clear-text but as an obfuscated value. Those cannot be reversed but could be cracked, in particular if the password chosen is weak. This is the reason we are recommending our users to change their password.

That doesn’t sound very comforting to me, and suggests that Ubisoft may not have been following best practice to secure those passwords. Fingers crossed, hackers don’t manage to crack the passwords… That would make a bad situation even worse.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.