Attackers gain access to Ubisoft customer data - Update
Unknown attackers have gained access to Ubisoft's systems. The company has informed its customers and requested that they change their passwords. In the message to its customers, Ubisoft says that the attackers harvested users' account details including names, email addresses and encrypted passwords. The company said that payment information such as customers' bank details and credit card data was not affected by the attack because it isn't stored on Ubisoft's system.
The customer alert email initially caused confusion among recipients as its poor wording caused users to believe that it was a phishing attempt; howe ver, the emails genuinely originated from Ubisoft. The H's associates at heise Security are communicating with Ubisoft representatives, and further details will be provided as soon as they become available.
Update 03-07-13 15:25: A representative from Ubisoft has now confirmed that the company detected the access to its systems in June. The company did not explain how long the attackers had access to the servers but did state that they gained access by "stealing access credentials and using them to illegally access the network". Whose credentials were stolen and in what way is not clear. Ubisoft also declined to state how many customers are affected by the breach. The company says it has asked all users to reset their passwords for security reasons. Internal and external security teams are apparently investigating the incident.