Ubisoft probes sudden rash of hijack attacks on gamers' accounts

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.theregister.co.uk/2013/01/04/ubisoft_gaming_account_hijack_caper/

Ubisoft is investigating a recent spate of hijackings of gaming
accounts belonging to users of its Uplay platform.

Complaints about account hijacking flared up around 30 December,
leading to numerous posts on support forums. "There is no one at Ubi
manning the support system, and the DRM requires access to your
account," one victim, who tipped us off about the problem, told El
Reg.

Many of the compromised accounts have had their email addresses
changed to uplay[somenumber]@playbay.su, suggesting one group of
hackers (or perhaps an individual) is behind the attack. An official
update to Ubisoft's Facebook support page said the games publisher has
begun investigating the problem.

We are investigating the origin of these hijackings. In the mean time,
if you have had your account compromised make sure you check and
change the passwords of all of your important online services. We've
heard people mention services like Yahoo, Amazon, and EA were also
compromised at the same time.

To make your Uplay account more secure, link Facebook. This is my
personal suggestion. If you have a Facebook account attached you can
always go back to uplay.com and take your account back because the
user cannot unlink this account.

Customer support is here to help while the security team works on it
and we are giving the accounts back to the rightful owners.

Rumours are flying around that Ubisoft's UPlay service was hacked by
Russian hackers but these rumors are unsubstantiated and probably best
ignored until a clearer picture of what's happening emerges.

"While there's a rash of account compromises being listed on the
Ubisoft forums and Facebook page, I'm not seeing much on dedicated
gaming portals with high traffic such as the Steam forum, NeoGAF and
elsewhere," said Chris Boyd AKA PaperGhost, a senior threat researcher
at GFI Software and an expert in gaming security.

"Additionally, many users deny using so-called 'trainers' (cheat
programs) which might have been emailing credentials back to base so
there's not a lot to go on at the moment. One of the biggest problems
with PC gaming is the amount of logins required to play the games -
anyone purchasing Ubisoft's Far Cry 3 through Steam will still need to
load UPlay to play it. It's quite possible that password reuse is
rampant in gaming circles right now, which certainly doesn't help."
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.