It’s been awhile since a hack made
headline news, which is itself newsworthy, given how poorly defended security
experts claim too many of these systems are. But here we are again: another
database with usernames and passwords ransacked, and this time the victim’s the
international publisher of heavy-hitters like Assassin’s Creed, Far
Cry, Rayman and all those scads of Tom Clancy’s-prefaced
military shooters.
Ubisoft copped to the hack
yesterday, writing in a blog security update that
one of its websites had been “exploited to gain unauthorized access to some of
[its] online systems.” The France-based company says it “instantly took steps”
to seal the breach and began investigating “with the relevant
authorities, internal and external security experts, and to start
restoring the integrity of any systems that may have been compromised.” Ubisoft
notes that Uplay, the company’s in-game digital distribution
and multiplayer service, was not impacted — only Ubisoft’s website,
though you can use your Uplay account credentials to log into the site, so I’m
guessing Uplay accounts are at risk as well.
How many people were affected? Ubisoft isn’t saying, so it’s anyone guess. But the company sells tens of millions of games worldwide and has annual revenue of well over $1 billion. As you’d expect, Ubisoft can’t elaborate on the hack, saying only that it involved data being ”illegally accessed” from its account database, including “usernames, email addresses and encrypted passwords” (the company adds in a FAQ that, as far as it knows, no other personal info like phone numbers or addressees was accessed).
The upside, if this counts as one,
is that Ubisoft says it doesn’t store personal payment information, thus credit
and debit cards were “safe from this intrusion.” For those of you wondering
what Ubisoft means when it says the passwords were “encrypted,” Ubisoft says
that while these were stored as a non-reversible “obfuscated value,” they
“could be cracked,” especially if the chosen password was weak.
What can you do to safeguard your
account? Ubisoft recommends that Ubisoft.com members change their passwords
immediately (see the secure link to do so in Ubisoft’s blog post), as
well as at other sites where you use the same or similar usernames and
passwords. And if you have additional questions or concerns, Ubisoft has a
forum thread here where
it’s responding to inquiries.
A pain? Yep, especially if you’re
guilty of using same/similar authentication credentials elsewhere. I know, it’s
easier to remember everything if you just use one name and password for
everything, but you’re flirting with disaster. A few years ago, I started
tracking my passwords in one place, so I could use different usernames and
obtuse passwords for every site/service. Yes, I have to check that
list daily to do whatever, but it offers peace of mind, and it makes security
breaches like these a snap to recover from — one name, one password change
only, everything else inviolate. (Also, if you’re looking for a first-rate
strong password generator, consider that base covered.)
Source: techland.time.com
0 comments:
Post a Comment