Summary
Ubisoftis investigating claims of a security breach following leaked screenshots of the publisher’s internal software and tools. AfterUbisoft’s 2020 security breach, this incident possibly marks the third notable attempt at compromising the French publisher within three years. While the claim’s veracity is yet to be verified, the potential security threat could still put Ubisoft in a tricky spot, especially in the coming days.
Of course, it doesn’t help that hackers have already targeted Ubisoft at least twice over the past few years. In 2020, the ransomware group Egregor leaked 560GB of source code forWatch Dogs Legion.Ubisoft experienced another security breach in 2022, which appeared to have disrupted some of its online games and services. Following the incident, the company stated that it rectified the issue and had taken precautionary measures. Now it appears that another attempt has been made at the French publisher.
Recently, security research collective vx-underground tweeted screenshots claiming to be fromUbisoft’s internal software. They claim to have gained access to the Ubisoft SharePoint server, Microsoft Teams, Confluence, and MongoDB Atlas panel on December 20. The attacker reportedly had access for 48 hours before Ubisoft detected an issue and revoked their access, says vx-underground. Further claims indicate that the attempt was to steal 900GB of data, includingRainbow Six Siegeuser information, though unsuccessful.According to BleepingComputer, Ubisoft is aware of the security breach claim and is currently investigating the matter.
The Ubisoft incident comes merely two weeks after the massive Insomniac Games data breach. The ransomware group Rhysida leaked about 1.67TB of data after the studio reportedly refused to pay a $2 million ransom. The leaked data included a plethora of content around the upcomingMarvel’s Wolverinegame along with other internal documentation such as development costs andSony’s plans forX-Mengames. More importantly, sensitive personal information pertaining to Insomniac’s employees was also made public as part of the data breach.
While it appears that Ubisoft’s incident may not be as troubling as Insomniac’s, the threat has likely raised alarm bells at the company already. The publisher has a slate of promising games on the way, including severalAssassin’s Creedtitles and anopen-worldStar Warsgame from Massive Entertainment. Ubisoft’s upcoming AAA projects make the company a prime target for cybercriminals, particularly given how ambitious cyberattacks have been over recent years. In any case, time will tell how far the alleged threat actors have gotten and if Ubisoft is in any real danger of its internal data being exposed.
