Ubisoft states that a “security” incident resets Staff Passwords

Ubisoft states that a “security” incident resets Staff Passwords

Ubisoft, the well known video game developer confirms that they suffered a “cyber security incident” that caused disruption to their games, systems and services. This announcement was released after multiple Ubisoft users reported last week, that they came across issues when accessing Ubisoft services. Data extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, seems to be behind this incident.

Ubisoft initiates ‘company-wide password reset’

“Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services,” says the company in a succinct news release. “Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset.”

Headquarters situated in Montreuil with studios around the world, Ubisoft has repeatedly produced hit titles such as Assassin’s Creed, Far Cry, For Honor, Just Dance, Prince of Persia, Rabbids, Rayman, Tom Claney’s and Watch Dogs. Users on Twitter and Downdetector reported on the 4th of March, of issues accessing some of the Ubisoft services, that appear to be linked to this incident. At that time, there was no evidence indicating any personal information of players was exposed during the incident. The company also confirms that all Ubisoft games and services are now functioning normally.

Ubisoft down tweets

LAPSUS$ group reacts to the disclosure

News of Ubisoft confirming the cyber security incident was first reported by The Verge. Moments later, admins of what is believed to be Lapsus$’ Telegram group reacted to The Verge’s initial report with a smirk emoji, insinuating that Lapsus$ is behind the hack.

Lapsus$ appears to claim responsibility

Lapsus$ has previously leaked gigabytes of proprietary data purportedly stolen from leading companies as SamsungNVIDIA, and Mercado Libre who confirmed this month they had suffered a breach. Data extortion groups like Lapsus$ breach victims but as opposed to encrypting confidential files like a ransomware operator would, these actors steal and hold on to victims’ proprietary data, and publish it should their extortion demands not be met. In 2020, Egregor ransomware had hit game developer Crytek and leaked what they claim were files stolen from Ubisoft’s network. Although, at the time, Ubisoft did not confirm the authenticity of the claim. In this case, however, it does not seem that Lapsus$ or any other threat actor was able to obtain Ubisoft’s proprietary data, and the investigation continues.

 

Source: https://www.bleepingcomputer.com/news/security/ubisoft-confirms-cyber-security-incident-resets-staff-passwords/

No Image - Ubisoft states that a “security” incident resets Staff Passwords
May 21st, 2024

ISO 27002:2022

Copy link
Powered by Social Snap