Game over for some Ubisoft players

Hackers compromised personal information inside at least one of the game publisher’s databases, including user names, email addresses and “encrypted password,” according to Ubisoft.

“We recently found that one of our Web sites was exploited to gain unauthorised access to some of our online systems,” the company’s website states. “Credentials were stolen and used to illegally access our online network. We can’t go into specifics for security reasons.”

The intrusion “did not originate via any Uplay” online gaming service, instead targeting “some of our online systems,” company officials claimed. Ubisoft is “continuing to investigate the incident. The uptime and stability of our games’ online services were not affected by this intrusion.”

Ubisoft explains the form of encryption applied as follows: “Passwords are not stored in clear-text but as an obfuscated value, they are cryptographically hashed. Those cannot be reversed but could be cracked, in particular if the password chosen is weak.”

ESET reports that the gaming giant revealed the breach in an email sent the night of July 2 to Uplay users.

“Uplay works across platforms such as PC, Xbox 360, iOS and Facebook. The Uplay system requires users to log in with an email or password, and offers digital extras such as screensavers for PC games, but also works as a Digital Rights Management system (DRM) to prevent copying,” according to ESET. “Some gamers responded angrily to the breach – Ubisoft’s Uplay system is compulsory on many games, which has meant that gamers felt strong-armed into handing over data.”