Ubisoft investigating compromised Uplay accounts
Source: Ubisoft forum user anders_190
According to a report by GameSpy, users on Ubisoft's forums have been complaining about having lost access to their accounts on the company's Uplay online service. Starting around 30 December, many of the affected users say they have received emails telling them that the email addresses for their accounts had been changed to addresses associated with particular sites under the Russian .ru and .su top-level domains, suggesting that the hacks are part of a larger attack by a hacker or group of hackers. According to GameSpy, Ubisoft has confirmed the situation and said that "a limited number" of accounts are affected. No personal or financial details were compromised, according to the company.
Ubisoft did not give details of how the hackers managed to breach the accounts, but access for affected users was restored promptly once staff in charge of the matter returned from their holiday breaks. Some users in the forum thread in question claimed to have randomly generated passwords for their Uplay account. Uplay is Ubisoft's DRM and multiplayer matchmaking system; users who lost access to their accounts were unable to play games registered through it.
Commenting on a Facebook posting, Ubisoft Support also suggested that affected users should change their passwords on other services if they had used their Uplay password elsewhere. The company says it had reports of users' Yahoo, EA and Amazon accounts being compromised at the same time as their Uplay accounts were hacked. This would suggest the hackers had access to a plain text version of the passwords, but Ubisoft has not officially confirmed this. The company's security team is currently investigating the incident further.