Ubisoft changes employee passwords after “cyber security incident” • Graham Cluley

Ubisoft changes staff passwords after

Video game company Ubisoft, maker of hit titles like Assassin’s Creed and Just Dance, says that it has “experienced a cyber security incident.”

In a brief statement published on its website, Ubisoft said that out of caution it had “initiated a company-wide password reset” but that games and services were acting normally and there was “no evidence” any players’ personal information had been exposed.

Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services. Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset. Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident.

If the claim that no players’ data was breached as a result of the “security incident” then I guess that’s some relief, at least.

Sign up to our newsletter
Security news, advice, and tips.

As The Verge reports, the LAPSUS$ hacking group – which has recently claimed responsibility for attacks that stole internal data from NVIDIA and Samsung – implied on a Telegram group that it might be taking credit for the Ubisoft incident as well.

And by the way, who on earth says “experienced a cyber security incident”?

Come on Ubisoft, tell us what happened! Did someone manage to log into your network using stolen staff passwords? Did someone leave a sensitive database lying around exposed on the public internet? Did a member of staff get duped into running malware on their computer?

Some details would be nice…

And maybe sharing some more information of what you’re doing to strengthen security would be helpful too.

For instance, changing passwords is all very good (and let’s hope you’re advising members of staff to not use easy-to-crack passwords, or passwords that they have previously used elsewhere on the internet), but wouldn’t it be great to hear that you’re ensuring all workers are hardening their staff accounts with…