BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Ubisoft warns of account database breach after website attack

From: Erica Absetz <erica () riskbasedsecurity com>
Date: Wed, 3 Jul 2013 15:00:03 -0500
https://www.networkworld.com/news/2013/070313-ubisoft-warns-of-account-database-271511.html?source=nww_rss

IDG News Service - Game maker Ubisoft said on Tuesday an account
database was breached due to unauthorized access of one of its
websites, revealing users' personal information.

The attack divulged user names, email addresses and encrypted
passwords, Ubisoft said. The company said it does not store payment
information.

"We instantly took steps to close off this access, to begin a thorough
investigation with relevant authorities, internal and external
security experts, and to start restoring the integrity of any
compromised systems," the company said in an advisory on its forum.

Ubisoft did not say which of its websites was breached or how long
attackers may have had access. A new splash page was being shown when
users navigated to its main website, ubisoft.com, that asked users to
change their password.

"Out of an abundance of caution, we also recommend that you change
your password on any other website or service where you use the same
or a similar password," the advisory said.

In some cases, encrypted passwords can be converted to their original
form using password cracking programs. Longer, more complicated
passwords are more difficult to crack, which is why security experts
recommend mixing in numbers, symbols and capital letters.

In April, Ubisoft took its Uplay service offline, which is used to
purchase and download games. A problem with the service allowed
hackers to download games for free, including one that had yet to be
released.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.
Previous By Date Next
Previous By Thread Next

Current thread: