Tag Archive for: Ubisoft

Ubisoft Thwarts Hacking Attempt Weeks After Insomniac Data Breach

/in


Ubisoft has apparently thwarted an attempted hack during which an individual gained access to the company’s systems for 48 hours. The company has said that it’s currently investigating the security breach, and a full statement will likely come after the holiday.

Ubisoft hack could have resulted in a theft of 900 GB of data

First reported by Bleeping Computer, Twitter user vx-underground posted screenshots that purportedly show an individual attempting to steal 900 GB of data from Ubisoft’s systems on December 20 — not long after a devastating ransomware attack on Insomniac Games. It’s unclear if the individual is affiliated with a group or was acting solo.

The hacker had access to Ubisoft’s systems for roughly 48 hours when the breach was detected and they were thrown out, seemingly unsuccessful in their attempt to lift the data.

Bleeping Computer reached out to Ubisoft who acknowledged reports of the infiltration. “We are aware of an alleged data security incident and are currently investigating,” the statement reads. “We don’t have more to share at this time.”

While Ubisoft managed to fight off the hacker, Insomniac Games wasn’t so lucky. The studio is still reeling from the impact of the ransomware attack, and is assessing the damage.

The post Ubisoft Thwarts Hacking Attempt Weeks After Insomniac Data Breach appeared first on PlayStation LifeStyle.

Source…

Ubisoft reportedly shutdown a “data security incident” earlier this week

/in


Ubisoft is reportedly investigating an “unknown threat actor” who allegedly gained access to the company’s Microsoft Teams, Confluence, Atlas, and SharePoint channels for 48 hours before access was revoked.

According to the Gaming Leaks and Rumours subreddit and as reported by Bleeping Computer, screenshots allegedly taken during the 20th December hack have since been leaked online. Ubisoft has reportedly confirmed it is investigating an “alleged data security incident”.

“December 20th, an unknown Threat Actor compromised Ubisoft,” tweeted vx-underground. “The individual had access for roughly 48 hours until administration realised something was off, and access was revoked.

“They aimed to exfiltrate roughly 900GB of data but lost access,” vx-underground adds. It’s not clear what, if any, data the hacker obtained before they were kicked from the system.

Apparently, the “threat actor” would not share how they got initial access, but upon entry into Ubisoft’s internal systems, the hacker “audited users access rights and spent time thoroughly reviewing Microsoft Teams, Confluence, and SharePoint”.

Access was revoked before the threat actor successfully exfiltrated Rainbow Six Siege user data.

“We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time,” Ubisoft said in a statement to BleepingComputer.

Marvel’s Spider-Man developer Insomniac Games has now released a statement addressing the ransomware attack on its studio earlier this month, the release of stolen data this week, and the spread of information on upcoming projects now circulating the internet.

The PlayStation studio had stayed silent until now, something it said was a result of it being “focused inward” to support team members. Personal data was included in…

Source…

Ubisoft changes employee passwords after “cyber security incident” • Graham Cluley

/in


Ubisoft changes staff passwords after

Video game company Ubisoft, maker of hit titles like Assassin’s Creed and Just Dance, says that it has “experienced a cyber security incident.”

In a brief statement published on its website, Ubisoft said that out of caution it had “initiated a company-wide password reset” but that games and services were acting normally and there was “no evidence” any players’ personal information had been exposed.

Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services. Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset. Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident.

If the claim that no players’ data was breached as a result of the “security incident” then I guess that’s some relief, at least.

Sign up to our newsletter
Security news, advice, and tips.

As The Verge reports, the LAPSUS$ hacking group – which has recently claimed responsibility for attacks that stole internal data from NVIDIA and Samsung – implied on a Telegram group that it might be taking credit for the Ubisoft incident as well.

And by the way, who on earth says “experienced a cyber security incident”?

Come on Ubisoft, tell us what happened! Did someone manage to log into your network using stolen staff passwords? Did someone leave a sensitive database lying around exposed on the public internet? Did a member of staff get duped into running malware on their computer?

Some details would be nice…

And maybe sharing some more information of what you’re doing to strengthen security would be helpful too.

For instance, changing passwords is all very good (and let’s hope you’re advising members of staff to not use easy-to-crack passwords, or passwords that they have previously used elsewhere on the internet), but wouldn’t it be great to hear that you’re ensuring all workers are hardening their staff accounts with…

Source…

Ubisoft Bows To Monster Energy To Rename An Upcoming Game Horribly

/in

Veteran Techdirt readers will have been so tempered by stories about Monster Energy playing the trademark bully at this point that the mere mention of the company should cause them to roll their eyes. Still, the history of what we’ve covered in the Monster’s attempt to win the trademark-protectionist championship are still constructive in one very important way: Monster Energy regularly loses these disputes. That in itself shouldn’t be terribly surprising; the company’s decisions on just how often to enforce the trademark rights it has are often so absurd that it would be a shock if it put together any sort of real winning streak. But what is surprising is when victims of Monster’s bullying choose to actually concede to the bullying, given that losing track record.

But it happens, even when the victim is a large enough entity that it could fight if it wanted to. A recent example of this is how Ubisoft changed the name of an upcoming video game after Monster Energy opposed its trademark application for it.

Ubisoft’s Gods & Monsters recently underwent some rebranding, switching its name to the demonstrably-worse Immortals Fenyx Rising a few weeks ago. It has gone over like a lead balloon. In fact, it had our team wondering if we should just refuse the new name and stick with the old one!

As uncovered by TechRaptor, Monster Energy opposed Ubisoft’s trademark for the title “Gods & Monsters.” The logic goes that Monster has enough of a presence within video games that Ubisoft’s use could reasonably cause confusion among consumers.

Logic which runs counter to the purpose of trademark law, to how trademark law actually works in terms of market designations, as well as to good business and marketing. Taking those in reverse order: the name change is almost objectively terrible. I have yet to find any publication that thinks the title switch was even a wash for Ubisoft, never mind beneficial. The universal opinion seems to be, and I agree with it, that Ubisoft to one extent or another participated in a bit of self-harm by this rebranding.

Now, on to the actual legal question. The consensus here too seems to be that Ubisoft could have easily have won this battle on the merits, but didn’t want to simply to avoid any delay stemming from a legal battle.

Playing armchair attorney, this seems like something Ubisoft probably could’ve won, no? My guess is that it has less to do with whether or not Ubisoft cared to spend the money on this legal battle, and more to do with just getting the game out on shelves. Immortals has been delayed already, and its sales factor into Ubisoft’s fiscal year that ends in March 2021. Fighting a protracted trademark infringement case would further delay the game. Going ahead with the name Gods & Monsters would result in an injunction. Ubisoft may be in the right, but it doesn’t have the time to prove it.

Which is all probably true, but only if Ubisoft couldn’t have gotten a declaratory judgement when Monster Energy first opposed the trademark application. Because it is quite clear that there is no infringement here. Whatever participation Monster Energy has in the video game space, most of which is mere sponsorship and advertising, it still isn’t a maker of video games. Ubisoft should have needed merely to point that out to get its use declared legit. Couple that with the broader question as to whether literally anyone would make the association between a video game called Gods & Monsters and an energy drink company and I would guess getting a court to side with it would have been fairly easy for Ubisoft.

But Ubisoft decided against that route and bowed to Monster Energy’s bullying. Which is how we get Immortals Fenyx Rising instead of Gods & Monsters. An objectively worse name. For no reason, other than trademark bullying.

Cool.

Techdirt.