Ubisoft states that a “security” incident resets Staff Passwords
March 15th, 2022 - Written By CyberLabs
Ubisoft, the well known video game developer confirms that they suffered a “cyber security incident” that caused disruption to their games, systems and services. This announcement was released after multiple Ubisoft users reported last week, that they came across issues when accessing Ubisoft services. Data extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, seems to be behind this incident.
Ubisoft initiates ‘company-wide password reset’
“Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services,” says the company in a succinct news release. “Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset.”
Headquarters situated in Montreuil with studios around the world, Ubisoft has repeatedly produced hit titles such as Assassin’s Creed, Far Cry, For Honor, Just Dance, Prince of Persia, Rabbids, Rayman, Tom Claney’s and Watch Dogs. Users on Twitter and Downdetector reported on the 4th of March, of issues accessing some of the Ubisoft services, that appear to be linked to this incident. At that time, there was no evidence indicating any personal information of players was exposed during the incident. The company also confirms that all Ubisoft games and services are now functioning normally.
LAPSUS$ group reacts to the disclosure
News of Ubisoft confirming the cyber security incident was first reported by The Verge. Moments later, admins of what is believed to be Lapsus$’ Telegram group reacted to The Verge’s initial report with a smirk emoji, insinuating that Lapsus$ is behind the hack.
Lapsus$ has previously leaked gigabytes of proprietary data purportedly stolen from leading companies as Samsung, NVIDIA, and Mercado Libre who confirmed this month they had suffered a breach. Data extortion groups like Lapsus$ breach victims but as opposed to encrypting confidential files like a ransomware operator would, these actors steal and hold on to victims’ proprietary data, and publish it should their extortion demands not be met. In 2020, Egregor ransomware had hit game developer Crytek and leaked what they claim were files stolen from Ubisoft’s network. Although, at the time, Ubisoft did not confirm the authenticity of the claim. In this case, however, it does not seem that Lapsus$ or any other threat actor was able to obtain Ubisoft’s proprietary data, and the investigation continues.