Ubisoft won’t say why it reset employee passwords after ‘cyber incident’

techcrunch.com:

Gaming giant Ubisoft has confirmed a cybersecurity incident that led to the mass-reset of company passwords, but has declined to say what the incident actually was.

In a brief statement, Ubisoft said: “Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services. Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset.”

“Also, we can confirm that all our games and services are functioning normally and that at this time there is no evidence any player personal information was accessed or exposed as a by-product of this incident,” the statement said.

The France-headquartered video game company is best known for its Assassin’s Creed and Far Cry brands. According to the company’s latest earnings report from October, Ubisoft had 117 million active players.

It’s not uncommon for companies to initiate password resets when there is a concern that user passwords or employee credentials could have been compromised.

TechCrunch sent several questions to Ubisoft, including asking the company to describe the nature of the cybersecurity incident, such as whether it was a breach of its network; and if the company has the means, such as logs, to detect evidence of improper data access or exfiltration. Having logs would allow the company to know with a higher degree of certainty if data was exfiltrated, rather than having no logs and no evidence.

A Ubisoft spokesperson said the company had “nothing additional to share” regarding the incident.

If you know more about the Ubisoft cyber incident or work at the company, get in touch with the security desk  on Signal and WhatsApp at +1