Excerpt from Timesofindia Article, Published on Dec 25, 2023.
VX-Underground, a prominent open-source community for threat researchers, disclosed an attempted breach on Ubisoft, the renowned game maker, aiming to siphon off 900GB of its internal data. The breach, involving the compromised internal services of the game developer, targeted user information from the popular tactical shooter game Rainbow Six Siege.
According to Engadget’s report, Ubisoft detected the breach within 48 hours and promptly revoked the hackers’ access before any data exfiltration occurred. Ubisoft, in response, acknowledged the incident, stating, “We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time,” as conveyed to BleepingComputer.
VX-Underground shared screenshots retrieved from the attackers, displaying access to Ubisoft’s internal software, including Microsoft Teams conversations, SharePoint server, Confluence, and MongoDB Atlas. The extent of sensitive information accessed remains undisclosed, leaving uncertainty about potential data exposure before Ubisoft intervened.
This incident adds to Ubisoft’s history of breaches. In 2020, the Egregor ransomware gang infiltrated Ubisoft, pilfering portions of the Watch Dogs title’s source code. In 2022, another breach disrupted the company’s games, systems, and services, highlighting recurring cybersecurity challenges for the France-based video game publisher.
To delve deeper into this topic, please read the full article on Timesofindia.