Ubisoft confirms a cyber security incident simply does non telephone call it a hack
The gaming giant reveals that the cyber security incident forced the visitor to refresh passwords company-broad. The incident caused the disruption to games, systems, services. Information technology was announced after the disruption and when many users had reported bug accessing their Ubisoft service.[1]
The data extortion group LAPSUS$ tin be claimed for the incident.[2]
The official statement and overall reaction from the company is to deny the information theft or exposure entirely. However, Ubisoft initiated the password reset for employees throughout the company systems. The IT experts should piece of work on the investigation and the analysis of the security issue. The password reset is a precautionary mensurate, according to the official statements.
Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services.
The company, with its headquarters in Montreuil, France, has studios around the world. Ubisoft is a giant company known for Assassin’due south Creek, Far Cry, Merely Dance, Watch Dogs, Rabbids, and other creations. According to the users, online these service access issues started back on March 4th.[3]
No evidence of the personal information exposure
The company took precautionary measures to avert bug and damage, no further security measures or changes have been made public. Ubisoft remains tight-lipped and does not determine if this incident was a hack and what systems or features got affected. The company also states that services and games now are working properly, reporting that no testify of data admission was found.
No personal user data got accessed or exposed as a past-product of this accident that visitor refuses to phone call a hack. This incident occurred after a huge wave of similar high-contour hacks that took place in February, and some of them came out into the media headlines at the beginning of March. The LAPSUS$ hacker group claimed responsibility to NVIDIA,[4]
Mercado Libre, Samsung hacking campaigns so far. It is possible that these attackers are involved with Ubisoft likewise.
Threat actor grouping insinuates the responsibility for the hack
After the first news reports about the incident, the Lapsus$ hacker group reacted to the reports in their Telegram group. The smirk emoji could be a sign that these hackers are behind the particular hack too. Further responses on the same group confirmed that these criminals practise not target data of customers with Ubisoft. The same group has publicly claimed to be responsible for big hacks here huge chunks of data get stolen. After the incident with Nvidia, hackers stole ane TB of information, and hashed employee credentials got leaked online.[v]
Such information extortion groups breach the systems, but instead of releasing additional threats like file-encrypting ransomware, hackers rely on data access and capture methods. Criminals steal information and agree on to the information. The extortion demands are still here, only actors threaten to publish the information if the demanded sum is not transferred.
However, in this example, despite the hacker group behind the attack, criminals did not succeed in obtaining of such valuable information. It seems that whoever tried to hack Ubisoft’due south systems failed to get proprietary information, but the investigation is even so ongoing and can reveal additional details.
Source: https://www.2-spyware.com/gaming-giant-does-not-disclose-a-hack-password-refresh-is-encouraged