Ubisoft Entertainment SA, a French video game publisher, has confirmed an attempted breach of the company’s security to steal personal and sensitive data from its infrastructure.
According to sources, an unknown malicious actor accessed Ubisoft’s internal tools on December 20, with the alleged goal of obtaining 900 GB of data. After penetrating the French game publisher’s internal systems, the hacker examined user access rights as well as Microsoft Teams, Confluence and SharePoint. However, Ubisoft managed to revoke access after 48 hours.
Ubisoft, famous games like Assassin’s Creed and Avatar: Frontiers of Pandora, is investigating the breach to determine how the “unknown threat actor” allegedly gained access to the company’s Microsoft Teams, Confluence, Atlas and SharePoint channels and maintained this access for 48 hours before Ubisoft revoked access.
It is worth noting that the latest cybersecurity incident at Ubisoft occurred just a year later the company was forced to reset its password due to a Lapsus$-related cyberattack.
The VX-Underground online malware repository job about the incident on its X page (Twitter), explaining that the attackers were “aiming” to obtain 900 GB of data from Ubisoft.
“On December 20, an unknown threat actor compromised Ubisoft. The individual had access for approximately 48 hours until administration realized something was wrong and access was revoked. They aimed to exfiltrate around 900 GB of data but lost access to it.
The researchers also shared screenshots of Ubisoft’s internal services. It remains unclear whether the hacker(s) could obtain data before Ubisoft revokes access. However, it is suspected that the attackers wanted to obtain Rainbow Six: Siege user data, but failed. The company claims to be “aware” of the security incident but has not yet shared additional information.
This is the second data breach targeting a major video game company this month. Earlier in December, as reported by Hackread.comRatchet & Clank and Spider-Man developer Insomniac Games obtained sensitive employee data/information regarding unreleased video games stolen during a massive hacking incident.
The hacker released Insomniac’s detailed plans for the next decade, including unannounced projects, production details, art assets and employee information. The Rhysida ransomware group took responsibility for the hack and demanded 50 bitcoins to prevent the data from being publicly published.
In Ubisoft’s case, so far there is no indication that anything like this has been accessed or leaked. Nonetheless, the resurgence of the trend of targeting video game giants is not surprising, as hackers are known for ruining Christmas and vacations for gamers.
- Online gaming and protection against cyberattacks
- Fake Cyberpunk 2077 Android app delivering ransomware
- The game controller maker revealed 1.1 million customer records
- ALPHV Ransomware Used Vishing to Scam an MGM Resorts Employee
- Capcom ransomware attack: game details leaked; no ransom was paid
Gn En tech