Hacker exploits Ubisoft website to swipe user data

A hacker — or possibly multiple cybercriminals– cracked one of Ubisoft’s websites to gain access to user data, according to the publisher.

“We recently found that one of our websites was exploited to gain unauthorized access to some of our online systems,” reads a statement from Ubisoft. “We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems.”

Ubisoft confirmed that the hacker was able to get user names, e-mail addresses, and encrypted passwords. The publisher stores all payment information on a separate server, and it claims that data was not compromised.

If you played an Ubisoft game, chances are you have an account with the publisher’s Uplay online service. You can reset your password by following this link. If you used that password for any other account, which you should never do, then it’s time to reset your password elsewhere as well.

Ubisoft isn’t going into specifics of the security breach. It would only say that “credentials were stolen and used to illegally access” the network.

“Ubisoft’s security teams are exploring all available means to expand and strengthen our security measures in order to better protect our customers,” an Ubisoft spokesperson wrote in an update on its support page. “Unfortunately, no company or organization is completely immune to these kinds of criminal attacks.”