Ubisoft has confirmed a recent “cybersecurity incident” but insists it has not led to user data theft or exposure.
The gaming giant, headquartered in Montreuil, France, said on March 10 that the incident took place earlier this month, causing “temporary disruption to some of our games, systems, and services.”
Ubisoft’s IT team is currently working with cybersecurity experts to investigate the situation and, as of now, has decided to initiate a company-wide password reset. However, no further security measures or changes have been made public.
Furthermore, the company says that games and services are now working properly, and there is no evidence, at present, of “any player personal information [being] accessed or exposed as a by-product of this incident.”
As reported by The Verge, the LAPSUS$ ransomware gang may be responsible and has reportedly taken credit.
LAPSUS$ previously claimed responsibility for February’s Nvidia hack, in which the group claimed to have stolen approximately 1TB in data. Hashed Nvidia employee credentials were leaked.
“We are aware that the threat actor took employee passwords and some Nvidia proprietary information from our systems and has begun leaking it online,” the vendor responded at the time the incident was made public. “Our team is working to analyze that information. All employees have been required to change their passwords.”
According to a Telegram group chat allegedly operated by LAPSUS$, there has been a “delay” in further Nvidia releases due to “one of our members begging Nvidia for stupid amounts of money.” (The post has since been deleted).
In December 2021, Ubisoft said a cyberattack had been launched against the infrastructure supporting the game Just Dance. This incident was caused by a “misconfiguration” that has since been resolved.
ZDNet reached out to Nvidia, which referred us back to the firm’s past statement on the cybersecurity incident.
See also
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0