Ubisoft Reveals Player Data Breach Came from User Error

Ubisoft has admitted that data on some players may have been taken after a breach of its IT systems stemming from human error.

The French gaming giant explained in a brief post that the misconfiguration of its IT infrastructure was quickly identified, but not before unauthorized individuals were able to access and perform a “possible copy” of the information.

Data stolen related to players of the wildly popular Just Dance game.

“The data in question was limited to ‘technical identifiers’ which include GamerTags, profile IDs, and Device IDs as well as Just Dance videos that were recorded and uploaded to be shared publicly with the in-game community and/or on your social media profiles,” the firm explained.

“Our investigation has not shown that any Ubisoft account information has been compromised as a result of this incident.”

Ubisoft claimed all affected players would be contacted via email shortly and would be able to follow up with any queries by getting in touch with the firm’s support team.

“We have taken all the proactive measures necessary to secure our infrastructure from future incidents,” it said.

This isn’t the first time Ubisoft’s security has been found wanting.

Back in 2013, it revealed that threat actors were able to access customer names, email addresses and encrypted passwords from an account database.

More recently, it suffered a ransomware attack after the Egregor gang claimed to have been able to access employee and developer data and personal info, as well as game source code.

However, Ubisoft isn’t the only gaming firm to have been targeted of late. Electronic Arts (EA) was hit back in June 2021 when attackers advertised 780GB of stolen data for sale, including source code from popular titles like FIFA 21 and the underlying Battlefield engine, which powers many of its games.

What’s Hot on Infosecurity Magazine?