Ubisoft’s inner services and products had been compromised in a safety breach this week when hackers tried to scouse borrow 900GB of information, together with Rainbow Six Siege person information, in step with VX-Underground. Ubisoft noticed the breach 48 hours later, and used to be in a position to revoke the hackers’ get right of entry to prior to they might effectively exfiltrate the information.
In a commentary to BleepingComputer, Ubisoft mentioned, “We’re conscious about an alleged information safety incident and are lately investigating. We do not have extra to percentage right now.” VX-Underground posted redacted screenshots shared by means of the attacker that allegedly display they accessed Microsoft Groups conversations, the Ubisoft SharePoint server, Confluence and MongoDB Atlas. “The Risk Actor would no longer percentage how they were given preliminary get right of entry to,” VX-Underground wrote in a publish on X. “Upon access they audited the customers get right of entry to rights and hung out totally reviewing Microsoft Groups, Confluence, and SharePoint.”
December twentieth an unknown Risk Actor compromised Ubisoft. The person had get right of entry to for more or less 48 hours till management learned one thing used to be off and get right of entry to used to be revoked.
They aimed to exfiltrate more or less 900gb of information however misplaced get right of entry to.
— vx-underground (@vxunderground) December 22, 2023
In line with VX-Underground, the attackers’ try to get Rainbow Six Siege person information used to be unsuccessful. It’s unclear right now in the event that they had been in a position to get any delicate data prior to Ubisoft close the entire thing down.
Allow 48h for review and removal.