Gaming company Ubisoft says that a “cyber security incident” in early March didn’t appear to have put user information at risk.
However, Ubisoft told gamers to change their account passwords to be on the safe side, while the increasingly notorious Lapsus$ group later indicated it was responsible for the disruption.
According to PC Gamer, Ubisoft’s website carried a statement that said: “Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services.
“Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset.
“Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident.”
It should be noted that the “company-wide password reset” mentioned above alludes to employees. However, TechRadar reported that Ubisoft had also encouraged users to update their credentials. When asked to provide further information about the incident by several sources, Ubisoft reportedly said it had “no additional details to share.”
Lapsus$ shares announcement a day later
One day after Ubisoft released its statement, Lapsus$, which has recently leaked a tranche of data stolen from Samsung and claims to have stolen a similar volume of data from Vodafone, shared it along with the smirking face emoji.
Lapsus$ itself “confirmed” to its followers that it hadn’t targeted Ubisoft customer data. However, at the time of writing, it remains unclear precisely what the group was targeting and whether it successfully stole any data. If Lapsus$ has indeed managed to steal anything from Ubisoft, this will likely be source code along similar lines to what it had acquired from Samsung and, allegedly, Vodafone.
How to keep your Ubisoft account safe
If you’re a Ubisoft user, there are several steps you can take to heighten your account security further. In addition to resetting your password, ensure that you:
- Use a hard to guess or crack password
- Avoid using these passwords
- Use a password vault like LastPass or your web browser’s built-in “Suggest strong password” suggestion to create and store your passwords
- Never use the same password twice
- Enable multi-factor authentication (MFA) on your account so that even if your username and password are compromised, it still isn’t straightforward for anyone to gain access
Image Credit: rafapress / Shutterstock.com