My questionsLogin to ask a question, or to update and review your existing support tickets To my questions
My Account Login and make changes to your Uplay account To my account
Uplay Shop Visit our Online Shop to purchase goodies (including strictly limited or exclusive editions of our products) or if you need help with your Uplay Shop order To the Uplay Shop

Security update regarding your Ubisoft account - please create a new password

Answer ID 000017479 | 6/28/2013 10:24:17 AM

Question Security update regarding your Ubisoft account - please create a new passwordAnswer

Hello All,

We recently found that one of our Web sites was exploited to gain unauthorised access to some of our online systems. We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to start restoring the integrity of any compromised systems.

During this process, we learned that data were illegally accessed from our account database, including user names, email addresses and encrypted passwords. No personal payment information is stored with Ubisoft, meaning your debit/credit card information was safe from this intrusion.

As a result, we are recommending you to change your password -
CLICK HERE TO CHANGE YOUR PASSWORD.
 
Out of an abundance of caution, we also recommend that you change your password on any other Web site or service where you use the same or a similar password. 

An official forum thread has been created for you to post your questions.

We sincerely apologise for any inconvenience and thank you for your understanding.

 

User-added image

 

What can I do to secure my account?
We are recommending all our users change their passwords. Password can be changed by clicking this link. We also recommend that you change your password on any other Web site or service where you use the same or a similar password. Please note that no personal payment information is stored with Ubisoft, meaning your payment details were not at risk from this intrusion.


How did this happen? Which website was exploited? Where did it come from?
Credentials were stolen and used to illegally access our online network. We can’t go into specifics for security reasons.


Has any of my personal data been compromised?
The intruder was able to access account data including user names, email addresses and encrypted password. To our knowledge, no other personal information (phone numbers, physical addresses etc. was accessed). No personal payment information is stored with Ubisoft, meaning your credit/debit card information was not at risk from this intrusion.


What is an encrypted password?
Passwords are not stored in clear-text but as an obfuscated value. Those cannot be reversed but could be cracked, in particular if the password chosen is weak. This is the reason we are recommending our users to change their password.


Has any of my financial data been compromised?
No personal payment information is stored with Ubisoft, meaning your credit/debit card information was not at risk from this intrusion.


What is an encrypted password?
Passwords are not stored in clear-text but as an obfuscated value, they are cryptographically hashed. Those cannot be reversed but could be cracked, in particular if the password chosen is weak. This is the reason we are recommending our users to change their password.


Which measures did you take following this incident?
We instantly took steps to close off this access, to begin a thorough investigation with relevant authorities, internal and external security experts, and to restore the integrity of any compromised systems.


Do you plan to take additional security measures in the future? Is there a risk of this happening again?
Ubisoft’s security teams are exploring all available means to expand and strengthen our security measures in order to better protect our customers.  Unfortunately, no company or organisation is completely immune to these kinds of criminal attacks. 


Is it related to other recent hacks faced by other gaming companies?
There is no evidence that this intrusion is related to any other game company’s previous security incidents.


Was it Uplay that was hacked? Were its servers hacked?
No, the attack did not originate via any Uplay services, the intrusion targeted some of our online systems.


Have other Ubisoft systems been affected? Will your games’ online stability be affected by the attack?
We instantly begin working to restore the integrity of any compromised systems and are continuing to investigate the incident. The uptime and stability of our games’ online services were not affected by this intrusion.  


How to make sure the email I received has been sent by Ubisoft and is not a phishing attempt:
The link embedded in the email you received should start with: https://secure.ubi.com and when you click on the link, you should also check that the address displayed in your browser starts with https://secure.ubi.com.


If you are experiencing difficulty accessing your account please contact using the address below:   
passwordsupport-en@ubisoft.com